Date: Sat, 3 Aug 2002 20:53:10 -0500 (CDT) From: Nick Rogness <nick@rogness.net> To: cjclark@alum.mit.edu Cc: Joe & Fhe Barbish <barbish@a1poweruser.com>, FBIPFW <freebsd-ipfw@FreeBSD.ORG>, archie@whistle.com, cmott@scientech.com, perhaps@yes.no, suutari@iki.fi, dnelson@redwoodsoft.com, brian@awfulhak.org, ru@FreeBSD.ORG, rizzo@icir.org Subject: Re: natd & keep-state Message-ID: <Pine.BSF.4.21.0208032039350.28420-100000@cody.jharris.com> In-Reply-To: <20020803212854.GA55652@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Aug 2002, Crist J. Clark wrote: [SNIP] > Fine, whatever. But the ipfw(8) and natd(8) developers seem to hold > the same opinion. Maybe if you proposed some possible way for natd(8) > and 'keep-state' rules to work well together someone could do it. FWIW, you can modify the behavior of "check-state" to "JUMP TO RULE NUMBER XXX on stateful match" and solve most of the problems associated with natd & stateful inspection. Right now, if check-state finds a match it stops...we need it to optionally JUMP_TO RULE XXX. Kinda like "skipto" functionality. I talked to Luigi about this and he didn't understand what I meant (which is my fault). But I believe the concept is still sound. Nick Rogness <nick@rogness.net> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0208032039350.28420-100000>