From: "David DeSimone"
Date: Mon, 8 Jun 2009 15:53:12 -0500
Message-ID: <20090608205312.GS5596@verio.net>
In-Reply-To: <20090607132751.18wu3idnkgcgkss8@correo.cujae.edu.cu>
Cc: freebsd-pf@freebsd.org
Subject: Re: Connmark target
List-Id: "Technical discussion and general questions about packet filter (pf)"

vila@tesla.cujae.edu.cu wrote:
>
> by the way, anyone knows if there are plans to include connection mark
> capabilities to pf.
>
> i say this because until now is the only way i've found to solve my
> issue.

I think the real question is whether tags become part of connection
"state".  For instance:

    pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep state
    pass out quick on $EXT_IF tagged "INTERNAL" keep state

So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it
will have tag "INTERNAL" attached to it.

However, when the reply packet comes back in $EXT_IF and makes its way
back to $INT_IF, will it also have the "INTERNAL" tag attached?

If it does, that would make ALTQ able to assign it and classify it and
queue it the way people want.  But the question is, is the tagging
considered part of the "state" that is kept in the state table?

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow