Date: Sat, 9 Aug 2008 17:15:04 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 146996 for review Message-ID: <200808091715.m79HF4eC022431@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=146996 Change 146996 by gk@gk_h1 on 2008/08/09 17:14:46 document state-options (mostly copy-pasted from pf.conf(5)) Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 (text+ko) ==== @@ -1465,6 +1465,21 @@ Matches TCP packets that have the SYN bit set but no ACK bit. This is the short form of .Dq Li tcpflags\ syn,!ack . +.It Cm state-options Ar spec +Specifies options for dynamic rule creation by +.Cm keep-state +or +.Cm limit . +.Ar spec +is comma separated list of options. +The supported options are: +.Bl -tag -width xxxxxxxx -compact +.It Cm ether +Enable layer 2 stateful filtering for a rule. +Source and destination ethernet addresses (MAC addresses) are used to +create a state entry (dynamic rule) and to check if packet matches any +state entry. +.El .It Cm src-arp Ar src-arp Matches Address Resolution Protocol (ARP) packets whose .Em Sender protocol address (SPA)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808091715.m79HF4eC022431>