Date: Wed, 12 Mar 2003 11:16:23 -0800 From: "Crist J. Clark" <crist.clark@attbi.com> To: JoeB <barbish@a1poweruser.com> Cc: ipfw@freebsd.org Subject: Re: Anti-Spoofing Option Message-ID: <20030312191623.GD16143@blossom.cjclark.org> In-Reply-To: <20030312185830.GC16143@blossom.cjclark.org> References: <20030312080622.GA42446@blossom.cjclark.org> <MIEPLLIBMLEEABPDBIEGGECLDIAA.barbish@a1poweruser.com> <20030312185830.GC16143@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 12, 2003 at 10:58:30AM -0800, Crist J. Clark wrote:
[snip]
*sigh*
> Uh, where does it say that it doesn't work with dynamic rules? The
> examples I gave were stateless because it's easier to give
> free-standing examples. The reason I made it a option rather than an
> action was specfically to make it work better in dynamic rules. This,
>
> # ipfw add 1000 pass ip from ${internal_net} to any verrevpath in via ${if}
s/any/any keep-state/
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030312191623.GD16143>