From owner-freebsd-pf@FreeBSD.ORG  Tue May 19 05:11:13 2009
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 819521065680
	for <freebsd-pf@freebsd.org>; Tue, 19 May 2009 05:11:13 +0000 (UTC)
	(envelope-from mehmasarja@gmail.com)
Received: from mail-pz0-f105.google.com (mail-pz0-f105.google.com
	[209.85.222.105])
	by mx1.freebsd.org (Postfix) with ESMTP id 54D118FC15
	for <freebsd-pf@freebsd.org>; Tue, 19 May 2009 05:11:13 +0000 (UTC)
	(envelope-from mehmasarja@gmail.com)
Received: by pzk3 with SMTP id 3so2473884pzk.3
	for <freebsd-pf@freebsd.org>; Mon, 18 May 2009 22:11:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:in-reply-to:references
	:date:message-id:subject:from:to:cc:content-type;
	bh=q7dCbA66IxT9Znr2dBL0OBOAxVkQMQL+Cuc3xaoNf8I=;
	b=SCXEvjQwQQKJRdN0EWyPgDDA7bgNGftqfWPaERWLKYMFSbNAptkVEUGg3RZA6zsc2a
	5S8tzm1FAY1y4QeeoxR+CZUhU+dIJ7sj1BT0RSBkK8Vub/LMIwe0UnnXMv6D0uCb1psg
	XMtcEnrQiOQDocgJBY3am+UWzPTnXBbFdYfGg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=p6Xy7z9N7VX6hPl0qcQG2dj2Z581t9o4jhmE2N36QWV/9Uqi4jIujgBqaQk9NJJz44
	n8srm5vT7jy+tje/0AEkWCInfq3Qnm7Eq67qWStCFmZvLVcccfxSEPCb/YjA6yD2Go2R
	wGpTjGO7YbmyM5/IN/LkTOVRaaeqCBL4Qr7aU=
MIME-Version: 1.0
Received: by 10.114.113.16 with SMTP id l16mr12796349wac.164.1242709872876; 
	Mon, 18 May 2009 22:11:12 -0700 (PDT)
In-Reply-To: <200905181114.24507.milu@dat.pl>
References: <ec5d34680905172320r60aef0a6r3b37d0ace7cdec94@mail.gmail.com>
	<200905181114.24507.milu@dat.pl>
Date: Mon, 18 May 2009 22:11:12 -0700
Message-ID: <ec5d34680905182211n228bde4ale302ab1e5c2d29a3@mail.gmail.com>
From: mehma sarja <mehmasarja@gmail.com>
To: Maciej Milewski <milu@dat.pl>
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: ysidhu@ucolick.org, freebsd-pf@freebsd.org
Subject: Re: Testing new firewall to replace operational firewall
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2009 05:11:13 -0000

Maciej,

Thanks for answering one question. Now, does anyone know anything about
"modulated state" running on tandem firewalls causing problems?

Yudhvir
=3D=3D=3D

2009/5/18 Maciej Milewski <milu@dat.pl>

> Monday 18 May 2009 08:20:40 mehma sarja napisa=B3(a):
> > SECOND
> > Are the "flags S/SA" altq functions? Because, as I said before, the new
> > firewall is FreeBSD GENERIC kernel with altq not compiled in.
> No, they aren't as far as I know. Altq is a mechanism using for
> queuing/traffic shaping. If you don't compile it it just can't be used. F=
or
> more info please look at PF FAQ or pf manual.
>
>
> S/SA is from flags and means SYN and ACK.
> Handbook says "FreeBSD 7.X -- PF is at OpenBSD 4.1" So this option (flags
> S/SA) is set by default. If you omit it in config it will be set.
>
>
>
> Best Regards,
> Maciej Milewski
>