From owner-freebsd-questions@FreeBSD.ORG Wed Jan 14 09:44:52 2004
Message-ID: <20040114174451.11842.qmail@web41403.mail.yahoo.com>
Date: Wed, 14 Jan 2004 09:44:51 -0800 (PST)
From: Dave McCammon
To: fbsd_user@a1poweruser.com
cc: questions@freebsd.org
Subject: RE: IPFW 'keep state' & 'limit'

--- fbsd_user wrote:
> The FBSD 5.2 man IPFW does not say anything different than the 4.9
> man IPFW.
> Are you saying the man doc in 5.2 is wrong?
>
> 5.2 is using the ipfw2 code for IPFIREWALL I believe.
>
> Documenting the fact that 'limit' performs the same function as
> 'keep state' in addition to the stated purpose of 'limit' is very
> important information. Also that 'limit' and 'keep state' can not be
> coded together is another very important piece of information that
> needs to be documented in the man IPFW data.
>
> Should this be submitted as a problem report?
>
>

Snippets from IPFW(8) on FBSD 5.2

---[begin snip]---
STATEFUL FIREWALL
Stateful operation is a way for the firewall to dynamically create
rules for specific flows when packets that match a given pattern are
detected. Support for stateful operation comes through the
check-state, keep-state and limit options of rules.
----[snip]-----
Dynamic rules will be checked at the first check-state, keep-state or
limit occurrence, and the action performed upon a match will be the
same as in the parent rule.
---[end snip]---

There is also an occurrence farther down under the "EXAMPLES" area in
the "DYNAMIC RULES" area which doesn't mention the limit option.

---[begin snip]---
Dynamic rules are checked when encountering the first check-state or
keep-state rule.
---[end snip]----

Granted it doesn't say anything about them not working if used
together but, since it does say that they both create dynamic rules,
it looks to be intuitively implied that they wouldn't be used
together.
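
Added example, not part of the original message or of ipfw itself: a small sh/awk check over `ipfw list`-style output that reports the first rule at which dynamic rules are checked (the first check-state, keep-state or limit occurrence, per the IPFW(8) text quoted above) and flags any rule that carries both keep-state and limit. The sample ruleset and the function names are constructed for illustration; input is assumed to be one rule per line, rule number first.

```shell
#!/bin/sh
# Constructed sample ruleset in "ipfw list" layout (not taken from the thread).
sample_rules() {
cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from any to me 22 setup limit src-addr 2
00300 check-state
00400 allow tcp from me to any setup keep-state
00500 allow tcp from any to me 80 setup keep-state limit src-addr 10
65535 deny ip from any to any
EOF
}

# Print the number of the first rule at which dynamic rules are checked:
# the first check-state, keep-state or limit occurrence.
# Scanning stops at a "//" rule comment so words in comments are ignored.
first_dynamic_check() {
    awk '{
        for (i = 2; i <= NF; i++) {
            if ($i == "//") break
            if ($i == "check-state" || $i == "keep-state" || $i == "limit") {
                print $1
                exit
            }
        }
    }'
}

# Print the numbers of rules that carry both keep-state and limit,
# the combination the thread says cannot be coded together.
both_stateful_options() {
    awk '{
        ks = 0; lim = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "//") break
            if ($i == "keep-state") ks = 1
            if ($i == "limit") lim = 1
        }
        if (ks && lim) print $1
    }'
}

echo "dynamic rules first checked at rule: $(sample_rules | first_dynamic_check)"
echo "rules with both keep-state and limit: $(sample_rules | both_stateful_options)"
```

On a live host the same functions can be fed from `ipfw list` instead of the sample.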