Date: Sat, 3 Aug 2002 21:20:50 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Nick Rogness <nick@rogness.net> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: natd & keep-state Message-ID: <20020803212050.A5279@iguana.icir.org> In-Reply-To: <Pine.BSF.4.21.0208032039350.28420-100000@cody.jharris.com>; from nick@rogness.net on Sat, Aug 03, 2002 at 08:53:10PM -0500 References: <20020803212854.GA55652@blossom.cjclark.org> <Pine.BSF.4.21.0208032039350.28420-100000@cody.jharris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I still do not follow... isn't this exactly what you want ?
ipfw add skipto 5000 <bla bla bla> keep-state
check-state does not stop, it just executes whatever action is
specified for the original rule from which the state was created.
So if that one is a skipto you have a skipto.
cheers
luigi
On Sat, Aug 03, 2002 at 08:53:10PM -0500, Nick Rogness wrote:
...
>
> FWIW, you can modify the behavior of "check-state" to "JUMP TO
> RULE NUMBER XXX on stateful match" and solve most of the problems
> associated with natd & stateful inspection. Right now,
> if check-state finds a match it stops...we need it to optionally
> JUMP_TO RULE XXX. Kinda like "skipto" functionality.
>
> I talked to Luigi about this and he didn't understand what I
> meant (which is my fault). But I believe the concept is still
> sound.
>
>
> Nick Rogness <nick@rogness.net>
> - Don't mind me...I'm just sniffing your packets
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020803212050.A5279>