Date: Tue, 9 Jun 2009 00:12:44 +0200 From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> To: vila@tesla.cujae.edu.cu, =?ISO-8859-1?B?SXN0duFu?= <leccine@gmail.com>, freebsd-pf@freebsd.org Subject: Re: Connmark target Message-ID: <9a542da30906081512v340b590fme0291f4fdd69db56@mail.gmail.com> In-Reply-To: <20090608205312.GS5596@verio.net> References: <20090606124949.japda2vrkck4wk8o@correo.cujae.edu.cu> <9a542da30906060955i4a1097bcpad5fd78587d7e169@mail.gmail.com> <20090606131545.kk8k1qf7a8oc4os8@correo.cujae.edu.cu> <b8592ed80906061020n1d7f582fh42a0c94dcda2cfe1@mail.gmail.com> <20090606135250.3n87bzp88wc4kgk8@correo.cujae.edu.cu> <b8592ed80906061111h4157a78cl365d160437b88426@mail.gmail.com> <20090606142940.0c42ju9uswkg4w8s@correo.cujae.edu.cu> <b8592ed80906061243k17c46004j5b91cc4a41a6bda2@mail.gmail.com> <20090607132751.18wu3idnkgcgkss8@correo.cujae.edu.cu> <20090608205312.GS5596@verio.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 8, 2009 at 10:53 PM, David DeSimone<fox@verio.net> wrote: > vila@tesla.cujae.edu.cu <vila@tesla.cujae.edu.cu> wrote: >> >> by the way, anyone knows if there are plans to include connection mark >> capabilities to pf. >> >> i say this because until now is the only way i“ve found to solve my >> issue. > > I think the real question is whether tags become part of connection > "state". > > For instance: > > pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep state pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" tagged INTERNAL keep state > > pass out quick on $EXT_IF tagged "INTERNAL" keep state pass out quick on $EXT_IF tag INTERNAL tagged "INTERNAL" keep state In this way it would work. > > So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it > will have tag "INTERNAL" attached to it. However, when the reply packet > comes back in $EXT_IF and makes its way back to $INT_IF, will it also > have the "INTERNAL" tag attached? If it does, that would make ALTQ able > to assign it and classify it and queue it the way people want. But the > question is, is the tagging considered part of the "state" that is kept > in the state table? > > -- > David DeSimone == Network Admin == fox@verio.net > "I don't like spinach, and I'm glad I don't, because if I > liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30906081512v340b590fme0291f4fdd69db56>