Date: Tue, 3 Feb 2015 21:04:15 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Lev Serebryakov <lev@freebsd.org> Cc: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net <freebsd-net@freebsd.org> Subject: Re: [RFC][patch] Two new actions: state-allow and state-deny Message-ID: <20150203205715.A38620@sola.nimnet.asn.au> In-Reply-To: <54CFCD45.9070304@FreeBSD.org> References: <54CFCD45.9070304@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Feb 2015 22:17:25 +0300, Lev Serebryakov wrote:
> Now to make stateful firewall with NAT you need to make some not very
> "readable" tricks to record state ("allow") of outbound connection
> before NAT, but pass packet to NAT after that. I know two:
>
> (a) skipto-nat-allow pattern from many HOWOTOs
Lev, can you provide references for these HOWTOs you refer to?
I have a suspicion that some of them should be taken out and shot.
cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150203205715.A38620>