Date: Sun, 15 Apr 2007 15:00:50 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Ivan Voras <ivoras@fer.hr> Cc: freebsd-net@freebsd.org Subject: Re: ipfw, keep-state and limit Message-ID: <20070415150050.C39338@xorpc.icir.org> In-Reply-To: <evu6sg$q2i$1@sea.gmane.org>; from ivoras@fer.hr on Sun, Apr 15, 2007 at 11:53:15PM %2B0200 References: <evu0kp$9u9$1@sea.gmane.org> <20070415144922.A39338@xorpc.icir.org> <evu6sg$q2i$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 15, 2007 at 11:53:15PM +0200, Ivan Voras wrote: > Luigi Rizzo wrote: > > > if i remember well (the implementation dates back to 2001 or so) > > you just need to use "limit", as it implicitly installs > > a dynamic state entry (same as keep-state). > > Thanks, I'll try it tomorrow. If it works, may I suggest a change: make > the error message say "keep-state is redundant with limits" and proceed > like only "limits" exists? it certainly makes sense to change the error message and explain better what is wrong. However i really don't like the idea of accepting a wrong ipfw rule, because it encourages lazy programming practices. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070415150050.C39338>