Date: Tue, 22 Mar 2005 16:09:00 +0300 From: "Eugene M. Minkovskii" <emin@mccme.ru> To: "Peter N. M. Hansteen" <peter@bgnett.no> Cc: freebsd-questions@freebsd.org Subject: Re: OpenBSD's pf and traffic Message-ID: <20050322130900.GC3137@mccme.ru> In-Reply-To: <86d5tr6e1r.fsf@amidala.datadok.no> References: <20050320093159.GA3213@mccme.ru> <861xaamf9t.fsf@amidala.datadok.no> <20050321071227.GA29429@mccme.ru> <86eke9fn7o.fsf@amidala.datadok.no> <20050322120451.GA3137@mccme.ru> <86hdj36fho.fsf@amidala.datadok.no> <20050322124220.GB3137@mccme.ru> <86d5tr6e1r.fsf@amidala.datadok.no>
next in thread | previous in thread | raw e-mail | index | archive | help
" " In a word, yes. The 'keep state' in these examples, would AFAIK mean " that the counters would keep track of all traffic for a connection, so " traffic initiated from the inside would match the pass out rule's " counters, while connections opened from the outside would count on the " pass in rules. " Unfortunely, this mean, that OpenBSD's pf can not measure traffic, because we can not separate incoming and outgoing traffic in bidirectional rule. Or we must not use keep state feature. -- Sensory yours, Eugene Minkovskii Сенсорно ваш, Евгений Миньковский
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050322130900.GC3137>