From: Maciej Milewski
To: freebsd-pf@freebsd.org
Cc: ysidhu@ucolick.org
Date: Mon, 18 May 2009 11:14:23 +0200
Subject: Re: Testing new firewall to replace operational firewall
Message-Id: <200905181114.24507.milu@dat.pl>

On Monday 18 May 2009 08:20:40 mehma sarja wrote:
> SECOND
> Are the "flags S/SA" altq functions? Because, as I said before, the new
> firewall is FreeBSD GENERIC kernel with altq not compiled in.

No, they aren't as far as I know. Altq is a mechanism used for
queuing/traffic shaping. If you don't compile it, it just can't be used. For
more info please look at the PF FAQ or the pf manual.
S/SA is from flags and means SYN and ACK.
The Handbook says "FreeBSD 7.X -- PF is at OpenBSD 4.1". So this option (flags
S/SA) is set by default. If you omit it in the config it will be set.

Best Regards,
Maciej Milewski
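
How a `flags a/b` specification such as the `S/SA` discussed above is evaluated against a packet's TCP flags, following pf.conf(5): of the flags listed in `b`, exactly those in `a` must be set. This is an added example, not part of the original message and not pf's own code; the function names and the sample flag combinations are constructed for illustration.

```python
# Added illustration of pf's "flags <a>/<b>" matching; not pf source code.
# Flag letters as used in pf.conf(5).
TCP_FLAGS = {
    "F": 0x01,  # FIN
    "S": 0x02,  # SYN
    "R": 0x04,  # RST
    "P": 0x08,  # PSH
    "A": 0x10,  # ACK
    "U": 0x20,  # URG
    "E": 0x40,  # ECE
    "W": 0x80,  # CWR
}


def to_bits(letters):
    """Convert a string of flag letters (e.g. 'SA') to a TCP flags bitmask."""
    bits = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        bits |= TCP_FLAGS[ch]
    return bits


def parse_flags_spec(spec):
    """Return (set_bits, mask_bits) for 'S/SA' or '/SFRA'; None for 'any'."""
    if spec == "any":
        return None
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected '<a>/<b>', '/<b>' or 'any'")
    set_bits, mask_bits = to_bits(want), to_bits(mask)
    # Check made by this example: a flag required in <a> but absent from <b>
    # would be masked out before the comparison, so the rule could never match.
    if set_bits & ~mask_bits:
        raise ValueError("flags in <a> must also appear in <b>")
    return set_bits, mask_bits


def flags_match(spec, packet_flags):
    """True if a packet carrying packet_flags (letters) satisfies the spec."""
    parsed = parse_flags_spec(spec)
    if parsed is None:  # 'flags any' disables the flag check
        return True
    set_bits, mask_bits = parsed
    # Only the flags named in the mask are inspected; the rest are ignored.
    return (to_bits(packet_flags) & mask_bits) == set_bits
```

With `S/SA`, a bare SYN matches, while SYN+ACK and a bare ACK do not, which is why the default lets only the first packet of a TCP handshake create state.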