Date: Wed, 04 Feb 2015 17:17:06 +1100 From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> To: freebsd-ipfw@freebsd.org Subject: Re: [RFC][patch] New "keep-state-only" option Message-ID: <54D1B962.4060700@heuristicsystems.com.au> In-Reply-To: <54D1B050.2040706@freebsd.org> References: <54D0F39B.4070707@FreeBSD.org> <54D1AF04.8050106@freebsd.org> <54D1B050.2040706@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/02/2015 4:38 PM, Julian Elischer wrote: > On 2/4/15 1:32 PM, Julian Elischer wrote: >> On 2/4/15 12:13 AM, Lev Serebryakov wrote: >>> >>> And variants with multiple NATs and "nat global" becomes as easy as >>> this, too! No stupid "skipto", no "keep-state" at "incoming from local >>> network" parts of firewall, nothing! >>> >>> P.S. I HATE this "all any to any" part! >> can we get rid of it? (implied).. or just add "everything" >> also I am not sure about "keep-state-only".. >> how about 'set-state'? or record-state as I started with.. > or record-session.. (state always annoyed me) > >> >> record-state seems more intuitive, while record-session suggests a wider scope involving session negotiation. Regards, Dewayne.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54D1B962.4060700>