Date: Mon, 02 Feb 2015 22:17:25 +0300 From: Lev Serebryakov <lev@FreeBSD.org> To: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net <freebsd-net@freebsd.org> Subject: [RFC][patch] Two new actions: state-allow and state-deny Message-ID: <54CFCD45.9070304@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------040906070105090005040205
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Now to make stateful firewall with NAT you need to make some not very
"readable" tricks to record state ("allow") of outbound connection
before NAT, but pass packet to NAT after that. I know two:
(a) skipto-nat-allow pattern from many HOWOTOs
add 1000 skipto 2000 all from any to any out xmit outIface
add 1010 skipto 3000 all from any to any in recv outIface
add 2000 skipto 2010 from any to any keep-state
add 2010 nat NR from any to any out // Note this "out" in out section!
add 2020 allow all from any to any
add 3000 nat NR from any to any
add 3010 check-state // Use dynamic rule based on 2000
(b) Adding "allow keep-state" to _IN_ rules on _internal_ interfaces
to check this states AFTER _IN_ nat on _external_ interfaces.
I don't like both of them. First one is not very clear and needs
additional "out" option on outbound NAT rule. Second one requires to
have "allow keep-state" and "check-state" rules in different parts of
firewall, on different interfaces, which is not very clear too and
needs additional conditions for "allow keep-state" if you don't want
stateful firewall for internal networks and only want states for
external traffic.
I propose two new actions: state-allow and state-deny.
They imply "keep-state" and create new dynamic rules, when called
directly, but pass packet to NEXT rule after that (don't stop search).
When they are called as dynamic rule, they acts as "allow" and "deny".
So, stateful firewall with NAT could be rewritten like this:
add 1000 skipto 2000 all from any to any out xmit outIface
add 1010 skipto 3000 all from any to any in recv outIface
add 2000 state-allow from any to any // keep-state is implied
add 2010 nat NR from any to any // No "out" here!
add 2020 allow all from any to any
add 3000 nat NR from any to any
add 3010 check-state // Use dynamic rule based on 2000 as "allow" here
What do you think?
- --
// Lev Serebryakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJUz81EXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePkhwQAJg4s1Ipomi0lZTqa8pklExD
GHvkeuVdm1RSakolwHf8M26a+Xg1zlIm0tD2PQ18FkaA1QTjwai7kyKu2SwhsvkF
P7B3GE33Pj4dhMzhpnmSnxcjLZEAENENzAOnGBN47NM617KOkJmyRmH54RO8xFI8
UbctlfiWC0ECujlWC4HcLthlrI3ZemqeFK1llzQ+k0LgUDQ8eegFmrLCbMVbVKxJ
4HACPQzzPwzabZE+kifE1KDnOEthEuTXuMpL6pS98s8w+b92TFJsS40DqngWNuqv
M2QCCJbLZRwoDRTkf3H8AlbdIk94CPFjJkmZd86ZUpKF3rVJ7VICH7SkV90P1hlm
yRc/26jX2LvqyyKgxMDQ4UpJuSikxASHx/3mDOV83snxlXtwW0or6f+XSW1QVFFt
2OCo6DmwclQ2HzBaomy0QKqlKq09VzHJdEBtfsyBqKyQP2UG3/CDj6rwqc564rOb
MDJFDtsMsquOgJTBSYLcAQhc8v9I3HUuELT/eyo3YCCrPKAAPtV89jWZ2dI+np3h
utaVJxJ4qSyVp5R3H2MTvWdk1PPptygxx0UHMVyNTgSnsbczNsywWzELoOzTzEZn
XS352D2dWXsvFV07cwtHovnY+vCKOXVI2ljJ6uHwZZlisJg4M+o80LChHT5jQ6nw
9DVWmu2YK6nC7aJI6Fy7
=TMJo
-----END PGP SIGNATURE-----
--------------040906070105090005040205
Content-Type: text/plain; charset=windows-1251;
name="ipfw-state-actions.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="ipfw-state-actions.diff"
SW5kZXg6IHNiaW4vaXBmdy9pcGZ3LjgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc2Jpbi9pcGZ3L2lw
ZncuOAkocmV2aXNpb24gMjc4MDIxKQorKysgc2Jpbi9pcGZ3L2lwZncuOAkod29ya2luZyBj
b3B5KQpAQCAtOTMyLDYgKzkzMiwyNiBAQAogLkVkCiAuUHAKIFRoaXMgY29zbWV0aWMgYW5u
b3lhbmNlIG1heSBiZSBmaXhlZCBpbiBmdXR1cmUgcmVsZWFzZXMuCisuSXQgQ20gc3RhdGUt
YWxsb3cKK0NyZWF0ZSBkeW5hbWljIHJ1bGUgd2hpY2ggYWN0cyBhcworLkNtIGFsbG93City
dWxlIHdoZW4gY2hlY2tlZCB3aXRoCisuQ20gY2hlY2stc3RhdGUKK2FjdGlvbi4KK1doZW4g
dGhpcyBhY3Rpb24gaXMgdGFrZW4gZGlyZWN0bHksIHNlYXJjaCBjb250aW51ZXMgd2l0aCB0
aGUgbmV4dCBydWxlLgorVGhpcyBhY3Rpb24gaW1wbGllcworLkNtIGtlZXAtc3RhdGUKK2lu
c3RydWN0aW9uLgorLkl0IENtIHN0YXRlLWRlbnkKK0NyZWF0ZSBkeW5hbWljIHJ1bGUgd2hp
Y2ggYWN0cyBhcworLkNtIGRlbnkKK3J1bGUgd2hlbiBjaGVja2VkIHdpdGgKKy5DbSBjaGVj
ay1zdGF0ZQorYWN0aW9uLgorV2hlbiB0aGlzIGFjdGlvbiBpcyB0YWtlbiBkaXJlY3RseSwg
c2VhcmNoIGNvbnRpbnVlcyB3aXRoIHRoZSBuZXh0IHJ1bGUuCitUaGlzIGFjdGlvbiBpbXBs
aWVzCisuQ20ga2VlcC1zdGF0ZQoraW5zdHJ1Y3Rpb24uCiAuSXQgQ20gdGVlIEFyIHBvcnQK
IFNlbmQgYSBjb3B5IG9mIHBhY2tldHMgbWF0Y2hpbmcgdGhpcyBydWxlIHRvIHRoZQogLlhy
IGRpdmVydCA0CkluZGV4OiBzYmluL2lwZncvaXBmdzIuYwo9PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBz
YmluL2lwZncvaXBmdzIuYwkocmV2aXNpb24gMjc4MDIxKQorKysgc2Jpbi9pcGZ3L2lwZncy
LmMJKHdvcmtpbmcgY29weSkKQEAgLTI2NCw2ICsyNjQsMTIgQEAKIAl7ICJzZXRkc2NwIiwJ
CVRPS19TRVREU0NQIH0sCiAJeyAiY2FsbCIsCQlUT0tfQ0FMTCB9LAogCXsgInJldHVybiIs
CQlUT0tfUkVUVVJOIH0sCisJeyAic3RhdGUtYWNjZXB0IiwJVE9LX1NUQVRFX0FDQ0VQVCB9
LAorCXsgInN0YXRlLXBhc3MiLAkJVE9LX1NUQVRFX0FDQ0VQVCB9LAorCXsgInN0YXRlLWFs
bG93IiwJVE9LX1NUQVRFX0FDQ0VQVCB9LAorCXsgInN0YXRlLXBlcm1pdCIsCVRPS19TVEFU
RV9BQ0NFUFQgfSwKKwl7ICJzdGF0ZS1kZW55IiwJCVRPS19TVEFURV9ERU5ZIH0sCisJeyAi
c3RhdGUtZHJvcCIsCQlUT0tfU1RBVEVfREVOWSB9LAogCXsgTlVMTCwgMCB9CS8qIHRlcm1p
bmF0b3IgKi8KIH07CiAKQEAgLTE1ODQsNiArMTU5MCwxNCBAQAogCQkJCWJwcmludF91aW50
X2FyZyhicCwgImNhbGwgIiwgY21kLT5hcmcxKTsKIAkJCWJyZWFrOwogCisJCWNhc2UgT19T
VEFURV9BQ0NFUFQ6CisJCQlicHJpbnRmKGJwLCAic3RhdGUtYWxsb3ciKTsKKwkJCWJyZWFr
OworCisJCWNhc2UgT19TVEFURV9ERU5ZOgorCQkJYnByaW50ZihicCwgInN0YXRlLWRlbnki
KTsKKwkJCWJyZWFrOworCiAJCWRlZmF1bHQ6CiAJCQlicHJpbnRmKGJwLCAiKiogdW5yZWNv
Z25pemVkIGFjdGlvbiAlZCBsZW4gJWQgIiwKIAkJCQljbWQtPm9wY29kZSwgY21kLT5sZW4p
OwpAQCAtMzgwNyw2ICszODIxLDE2IEBACiAJCWZpbGxfY21kKGFjdGlvbiwgT19DQUxMUkVU
VVJOLCBGX05PVCwgMCk7CiAJCWJyZWFrOwogCisJY2FzZSBUT0tfU1RBVEVfQUNDRVBUOgor
CQloYXZlX3N0YXRlID0gYWN0aW9uOworCQlhY3Rpb24tPm9wY29kZSA9IE9fU1RBVEVfQUND
RVBUOworCQlicmVhazsKKworCWNhc2UgVE9LX1NUQVRFX0RFTlk6CisJCWhhdmVfc3RhdGUg
PSBhY3Rpb247CisJCWFjdGlvbi0+b3Bjb2RlID0gT19TVEFURV9ERU5ZOworCQlicmVhazsK
KwogCWRlZmF1bHQ6CiAJCWVycngoRVhfREFUQUVSUiwgImludmFsaWQgYWN0aW9uICVzXG4i
LCBhdlstMV0pOwogCX0KQEAgLTM4OTgsNyArMzkyMiw3IEBACiAJCWNtZCA9IG5leHRfY21k
KGNtZCwgJmNibGVuKTsKIAl9CiAKLQlpZiAoaGF2ZV9zdGF0ZSkJLyogbXVzdCBiZSBhIGNo
ZWNrLXN0YXRlLCB3ZSBhcmUgZG9uZSAqLworCWlmIChoYXZlX3N0YXRlICYmIGhhdmVfc3Rh
dGUtPm9wY29kZSA9PSBUT0tfQ0hFQ0tTVEFURSkJLyogY2hlY2stc3RhdGUsIHdlIGFyZSBk
b25lICovCiAJCWdvdG8gZG9uZTsKIAogI2RlZmluZSBPUl9TVEFSVCh0YXJnZXQpCQkJCQlc
CkBAIC00NTgwLDcgKzQ2MDQsOSBAQAogCS8qCiAJICogZ2VuZXJhdGUgT19QUk9CRV9TVEFU
RSBpZiBuZWNlc3NhcnkKIAkgKi8KLQlpZiAoaGF2ZV9zdGF0ZSAmJiBoYXZlX3N0YXRlLT5v
cGNvZGUgIT0gT19DSEVDS19TVEFURSkgeworCWlmIChoYXZlX3N0YXRlICYmIGhhdmVfc3Rh
dGUtPm9wY29kZSAhPSBPX0NIRUNLX1NUQVRFICYmCisJICAgIGhhdmVfc3RhdGUtPm9wY29k
ZSAhPSBPX1NUQVRFX0FDQ0VQVCAmJgorCSAgICBoYXZlX3N0YXRlLT5vcGNvZGUgIT0gT19T
VEFURV9ERU5ZKSB7CiAJCWZpbGxfY21kKGRzdCwgT19QUk9CRV9TVEFURSwgMCwgMCk7CiAJ
CWRzdCA9IG5leHRfY21kKGRzdCwgJnJibGVuKTsKIAl9CkBAIC00NjA2LDcgKzQ2MzIsOSBA
QAogCS8qCiAJICogcHV0IGJhY2sgdGhlIGhhdmVfc3RhdGUgY29tbWFuZCBhcyBsYXN0IG9w
Y29kZQogCSAqLwotCWlmIChoYXZlX3N0YXRlICYmIGhhdmVfc3RhdGUtPm9wY29kZSAhPSBP
X0NIRUNLX1NUQVRFKSB7CisJaWYgKGhhdmVfc3RhdGUgJiYgaGF2ZV9zdGF0ZS0+b3Bjb2Rl
ICE9IE9fQ0hFQ0tfU1RBVEUgJiYKKwkgICAgaGF2ZV9zdGF0ZS0+b3Bjb2RlICE9IE9fU1RB
VEVfQUNDRVBUICYmCisJICAgIGhhdmVfc3RhdGUtPm9wY29kZSAhPSBPX1NUQVRFX0RFTlkp
IHsKIAkJaSA9IEZfTEVOKGhhdmVfc3RhdGUpOwogCQlDSEVDS19SQlVGTEVOKGkpOwogCQli
Y29weShoYXZlX3N0YXRlLCBkc3QsIGkgKiBzaXplb2YodWludDMyX3QpKTsKSW5kZXg6IHNi
aW4vaXBmdy9pcGZ3Mi5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHNiaW4vaXBmdy9pcGZ3Mi5oCShy
ZXZpc2lvbiAyNzgwMjEpCisrKyBzYmluL2lwZncvaXBmdzIuaAkod29ya2luZyBjb3B5KQpA
QCAtMTAzLDYgKzEwMyw4IEBACiAJVE9LX1JFQVNTLAogCVRPS19DQUxMLAogCVRPS19SRVRV
Uk4sCisJVE9LX1NUQVRFX0FDQ0VQVCwKKwlUT0tfU1RBVEVfREVOWSwKIAogCVRPS19BTFRR
LAogCVRPS19MT0csCkluZGV4OiBzeXMvbmV0aW5ldC9pcF9mdy5oCj09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K
LS0tIHN5cy9uZXRpbmV0L2lwX2Z3LmgJKHJldmlzaW9uIDI3ODAyMSkKKysrIHN5cy9uZXRp
bmV0L2lwX2Z3LmgJKHdvcmtpbmcgY29weSkKQEAgLTI1Myw2ICsyNTMsOSBAQAogCU9fU0VU
RFNDUCwJCS8qIGFyZzE9RFNDUCB2YWx1ZSAqLwogCU9fSVBfRkxPV19MT09LVVAsCS8qIGFy
ZzE9dGFibGUgbnVtYmVyLCB1MzI9dmFsdWUJKi8KIAorCU9fU1RBVEVfQUNDRVBULAkJLyog
bm9uZQkJCQkqLworCU9fU1RBVEVfREVOWSwJCS8qIG5vbmUgCQkJKi8KKwogCU9fTEFTVF9P
UENPREUJCS8qIG5vdCBhbiBvcGNvZGUhCQkqLwogfTsKIApJbmRleDogc3lzL25ldHBmaWwv
aXBmdy9pcF9mdzIuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3
Mi5jCShyZXZpc2lvbiAyNzgwMjEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3Mi5jCSh3
b3JraW5nIGNvcHkpCkBAIC0xODU2LDcgKzE4NTYsNyBAQAogCiAJCQljYXNlIE9fTE9HOgog
CQkJCWlwZndfbG9nKGNoYWluLCBmLCBobGVuLCBhcmdzLCBtLAotCQkJCSAgICBvaWYsIG9m
ZnNldCB8IGlwNmZfbWYsIHRhYmxlYXJnLCBpcCk7CisJCQkJICAgIG9pZiwgb2Zmc2V0IHwg
aXA2Zl9tZiwgdGFibGVhcmcsIGlwLCBxKTsKIAkJCQltYXRjaCA9IDE7CiAJCQkJYnJlYWs7
CiAKQEAgLTIxODgsNyArMjE4OCw3IEBACiAJCQkJYnJlYWs7CiAKIAkJCWNhc2UgT19BQ0NF
UFQ6Ci0JCQkJcmV0dmFsID0gMDsJLyogYWNjZXB0ICovCisJCQkJcmV0dmFsID0gSVBfRldf
UEFTUzsJLyogYWNjZXB0ICovCiAJCQkJbCA9IDA7CQkvKiBleGl0IGlubmVyIGxvb3AgKi8K
IAkJCQlkb25lID0gMTsJLyogZXhpdCBvdXRlciBsb29wICovCiAJCQkJYnJlYWs7CkBAIC0y
NTM4LDYgKzI1MzgsMjQgQEAKIAkJCQlicmVhazsKIAkJCX0KIAorCQkJY2FzZSBPX1NUQVRF
X0FDQ0VQVDoKKwkJCWNhc2UgT19TVEFURV9ERU5ZOiB7CisJCQkJbCA9IDA7CS8qIGluIGFu
eSBjYXNlIGV4aXQgaW5uZXIgbG9vcCAqLworCQkJCWlmIChxID09IE5VTEwgfHwgcS0+cnVs
ZSAhPSBmKSB7CisJCQkJCWlmIChpcGZ3X2luc3RhbGxfc3RhdGUoY2hhaW4sIGYsCisJCQkJ
CSAgICAoaXBmd19pbnNuX2xpbWl0ICopY21kLCBhcmdzLCB0YWJsZWFyZykpIHsKKwkJCQkJ
CS8qIGVycm9yIG9yIGxpbWl0IHZpb2xhdGlvbiAqLworCQkJCQkJcmV0dmFsID0gSVBfRldf
REVOWTsKKwkJCQkJCWRvbmUgPSAxOyAvKiBleGl0IG91dGVyIGxvb3AgKi8KKwkJCQkJfQor
CQkJCX0gZWxzZSB7CisJCQkJCXJldHZhbCA9IGNtZC0+b3Bjb2RlID09IE9fU1RBVEVfQUND
RVBUID8KKwkJCQkJICAgIElQX0ZXX1BBU1MgOiBJUF9GV19ERU5ZOworCQkJCQlkb25lID0g
MTsJLyogZXhpdCBvdXRlciBsb29wICovCisJCQkJfQorCQkJCWJyZWFrOworCQkJfQorCiAJ
CQlkZWZhdWx0OgogCQkJCXBhbmljKCItLSB1bmtub3duIG9wY29kZSAlZFxuIiwgY21kLT5v
cGNvZGUpOwogCQkJfSAvKiBlbmQgb2Ygc3dpdGNoKCkgb24gb3Bjb2RlcyAqLwpJbmRleDog
c3lzL25ldHBmaWwvaXBmdy9pcF9md19keW5hbWljLmMKPT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc3lz
L25ldHBmaWwvaXBmdy9pcF9md19keW5hbWljLmMJKHJldmlzaW9uIDI3ODAyMSkKKysrIHN5
cy9uZXRwZmlsL2lwZncvaXBfZndfZHluYW1pYy5jCSh3b3JraW5nIGNvcHkpCkBAIC03MDgs
NiArNzA4LDggQEAKIAogCXN3aXRjaCAoY21kLT5vLm9wY29kZSkgewogCWNhc2UgT19LRUVQ
X1NUQVRFOgkvKiBiaWRpciBydWxlICovCisJY2FzZSBPX1NUQVRFX0FMTE9XOgorCWNhc2Ug
T19TVEFURV9ERU5ZOgogCQlxID0gYWRkX2R5bl9ydWxlKCZhcmdzLT5mX2lkLCBpLCBPX0tF
RVBfU1RBVEUsIHJ1bGUpOwogCQlicmVhazsKIApJbmRleDogc3lzL25ldHBmaWwvaXBmdy9p
cF9md19sb2cuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X2xv
Zy5jCShyZXZpc2lvbiAyNzgwMjEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X2xvZy5j
CSh3b3JraW5nIGNvcHkpCkBAIC0yNDgsNyArMjQ4LDcgQEAKIHZvaWQKIGlwZndfbG9nKHN0
cnVjdCBpcF9md19jaGFpbiAqY2hhaW4sIHN0cnVjdCBpcF9mdyAqZiwgdV9pbnQgaGxlbiwK
ICAgICBzdHJ1Y3QgaXBfZndfYXJncyAqYXJncywgc3RydWN0IG1idWYgKm0sIHN0cnVjdCBp
Zm5ldCAqb2lmLAotICAgIHVfc2hvcnQgb2Zmc2V0LCB1aW50MzJfdCB0YWJsZWFyZywgc3Ry
dWN0IGlwICppcCkKKyAgICB1X3Nob3J0IG9mZnNldCwgdWludDMyX3QgdGFibGVhcmcsIHN0
cnVjdCBpcCAqaXAsIGlwZndfZHluX3J1bGUgKnEpCiB7CiAJY2hhciAqYWN0aW9uOwogCWlu
dCBsaW1pdF9yZWFjaGVkID0gMDsKQEAgLTQxOSw2ICs0MTksMTggQEAKIAkJCQlzbnByaW50
ZihTTlBBUkdTKGFjdGlvbjIsIDApLCAiQ2FsbCAlZCIsCiAJCQkJICAgIGNtZC0+YXJnMSk7
CiAJCQlicmVhazsKKwkJY2FzZSBPX1NUQVRFX0FDQ0VQVDoKKwkJCWlmIChxICE9IE5VTEwg
JiYgcS0+cnVsZSA9PSBmKQorCQkJCWFjdGlvbiA9ICJBY2NlcHQiOworCQkJZWxzZQorCQkJ
CWFjdGlvbiA9ICJDcmVhdGUgYWNjZXB0IHN0YXRlIjsKKwkJCWJyZWFrOworCQljYXNlIE9f
U1RBVEVfREVOWToKKwkJCWlmIChxICE9IE5VTEwgJiYgcS0+cnVsZSA9PSBmKQorCQkJCWFj
dGlvbiA9ICJEZW55IjsKKwkJCWVsc2UKKwkJCQlhY3Rpb24gPSAiQ3JlYXRlIGRlbnkgc3Rh
dGUiOworCQkJYnJlYWs7CiAJCWRlZmF1bHQ6CiAJCQlhY3Rpb24gPSAiVU5LTk9XTiI7CiAJ
CQlicmVhazsKSW5kZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCj09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT0KLS0tIHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCShyZXZpc2lv
biAyNzgwMjEpCisrKyBzeXMvbmV0cGZpbC9pcGZ3L2lwX2Z3X3ByaXZhdGUuaAkod29ya2lu
ZyBjb3B5KQpAQCAtMTU0LDcgKzE1NCw3IEBACiB2b2lkIGlwZndfbG9nX2JwZihpbnQpOwog
dm9pZCBpcGZ3X2xvZyhzdHJ1Y3QgaXBfZndfY2hhaW4gKmNoYWluLCBzdHJ1Y3QgaXBfZncg
KmYsIHVfaW50IGhsZW4sCiAgICAgc3RydWN0IGlwX2Z3X2FyZ3MgKmFyZ3MsIHN0cnVjdCBt
YnVmICptLCBzdHJ1Y3QgaWZuZXQgKm9pZiwKLSAgICB1X3Nob3J0IG9mZnNldCwgdWludDMy
X3QgdGFibGVhcmcsIHN0cnVjdCBpcCAqaXApOworICAgIHVfc2hvcnQgb2Zmc2V0LCB1aW50
MzJfdCB0YWJsZWFyZywgc3RydWN0IGlwICppcCwgaXBmd19keW5fcnVsZSAqcSk7CiBWTkVU
X0RFQ0xBUkUodV9pbnQ2NF90LCBub3J1bGVfY291bnRlcik7CiAjZGVmaW5lCVZfbm9ydWxl
X2NvdW50ZXIJVk5FVChub3J1bGVfY291bnRlcikKIFZORVRfREVDTEFSRShpbnQsIHZlcmJv
c2VfbGltaXQpOwpJbmRleDogc3lzL25ldHBmaWwvaXBmdy9pcF9md19zb2Nrb3B0LmMKPT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PQotLS0gc3lzL25ldHBmaWwvaXBmdy9pcF9md19zb2Nrb3B0LmMJKHJldmlz
aW9uIDI3ODAyMSkKKysrIHN5cy9uZXRwZmlsL2lwZncvaXBfZndfc29ja29wdC5jCSh3b3Jr
aW5nIGNvcHkpCkBAIC0xNjQ1LDYgKzE2NDUsOCBAQAogCQljYXNlIE9fU0tJUFRPOgogCQlj
YXNlIE9fUkVBU1M6CiAJCWNhc2UgT19DQUxMUkVUVVJOOgorCQljYXNlIE9fU1RBVEVfQUND
RVBUOgorCQljYXNlIE9fU1RBVEVfREVOWToKIGNoZWNrX3NpemU6CiAJCQlpZiAoY21kbGVu
ICE9IEZfSU5TTl9TSVpFKGlwZndfaW5zbikpCiAJCQkJZ290byBiYWRfc2l6ZTsK
--------------040906070105090005040205
Content-Type: application/octet-stream;
name="ipfw-state-actions.diff.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="ipfw-state-actions.diff.sig"
iQJ8BAABCgBmBQJUz81FXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3Au
ZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFFQUIwM0M1OEJGREM0
NzhGAAoJEOqwPFi/3EePADAP/3EHzxUT1adKBR/DeDZ4gx5laQcFfc22KbN5v/b4ccHyrc+X
/25W6ejKGSPU92wTyUX2QX3Y2u80SmkSYEd9gOV8JWgepwhK3aObuIKbr7tG0TOmRlXO533+
pUkgV0VAGPyXrsUtd3fPORYOGqc4AMCGP357efFIZdD3DPLnUgFaSN+StLH/zXC+eEOSTc9Q
YauXwK0mpt9C7DCNq4oKQ+t9z7QeVFnTIzZzhGhgA4ZMsOD19mPDDOBRPIAncZkc7CvpLxQp
Br6clTHOyzu4I1wLo8QDE5TAPpfMRTvbseQXbnVVPuFpZI5O6gVqqr8ldhJUdx95rnBjMees
TvuR4VGDcfgRHTZU7+fVupxCQHuPnswisS4mpzRvQJUGoRobDkGFf6EWzVgT4HkLukq47EPJ
Oqi+IyUjFtFn14NXoAuzJpyMMbGfoURGNXgosInYwWRFJH0Jd8LxZQM3hPMvpa77LhebPdi1
rZQsOA75Bk9I4K1VKJ/D3nPz2CduUyalVnwNAPhU1754UxB0BvJcFwAgqlyEJ3NPYCa7oCZJ
IX6jWMorJ8Exfe8lPc6ZKWEWYE0MkEezCqb79+uxls8cB9Iz6Uq4Jg7H88NKGEgw5OHb8Ifo
q0b6/kxu9fePqpqyWM3dLaCtyN4t4iWduAlpojyoXoMtpSKbAC4FfeIOnYpl
--------------040906070105090005040205--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54CFCD45.9070304>