Date: Tue, 9 Jun 2009 00:12:44 +0200 From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> To: vila@tesla.cujae.edu.cu, =?ISO-8859-1?B?SXN0duFu?= <leccine@gmail.com>, freebsd-pf@freebsd.org Subject: Re: Connmark target Message-ID: <9a542da30906081512v340b590fme0291f4fdd69db56@mail.gmail.com> In-Reply-To: <20090608205312.GS5596@verio.net> References: <20090606124949.japda2vrkck4wk8o@correo.cujae.edu.cu> <9a542da30906060955i4a1097bcpad5fd78587d7e169@mail.gmail.com> <20090606131545.kk8k1qf7a8oc4os8@correo.cujae.edu.cu> <b8592ed80906061020n1d7f582fh42a0c94dcda2cfe1@mail.gmail.com> <20090606135250.3n87bzp88wc4kgk8@correo.cujae.edu.cu> <b8592ed80906061111h4157a78cl365d160437b88426@mail.gmail.com> <20090606142940.0c42ju9uswkg4w8s@correo.cujae.edu.cu> <b8592ed80906061243k17c46004j5b91cc4a41a6bda2@mail.gmail.com> <20090607132751.18wu3idnkgcgkss8@correo.cujae.edu.cu> <20090608205312.GS5596@verio.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 8, 2009 at 10:53 PM, David DeSimone<fox@verio.net> wrote: > vila@tesla.cujae.edu.cu <vila@tesla.cujae.edu.cu> wrote: >> >> by the way, anyone knows if there are plans to include connection mark >> capabilities to pf. >> >> i say this because until now is the only way i=B4ve found to solve my >> issue. > > I think the real question is whether tags become part of connection > "state". > > For instance: > > =A0 =A0pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep = state pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" tagged INTERNAL keep state > > =A0 =A0pass out quick on $EXT_IF tagged "INTERNAL" keep state pass out quick on $EXT_IF tag INTERNAL tagged "INTERNAL" keep state In this way it would work. > > So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it > will have tag "INTERNAL" attached to it. =A0However, when the reply packe= t > comes back in $EXT_IF and makes its way back to $INT_IF, will it also > have the "INTERNAL" tag attached? =A0If it does, that would make ALTQ abl= e > to assign it and classify it and queue it the way people want. =A0But the > question is, is the tagging considered part of the "state" that is kept > in the state table? > > -- > David DeSimone =3D=3D Network Admin =3D=3D fox@verio.net > =A0"I don't like spinach, and I'm glad I don't, because if I > =A0 liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has b= een sent, and may contain information that is confidential or legally prote= cted. If you are not the intended recipient or have received this message i= n error, you are not authorized to copy, distribute, or otherwise use this = message or its attachments. Please notify the sender immediately by return = e-mail and permanently delete this message and any attachments. Verio, Inc.= makes no warranty that this email is error or virus free. =A0Thank you. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30906081512v340b590fme0291f4fdd69db56>