Date:      Wed, 3 Sep 2008 16:44:04 +0200
From:      Guido van Rooij <guido@gvr.org>
To:        Artis Caune <artis.caune@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: keeping state on outgoing connections fails (?)
Message-ID:  <20080903144404.GB28697@gvr.gvr.org>
In-Reply-To: <9e20d71e0809030732v2d202cc5x74a33977d8d9ac64@mail.gmail.com>
References:  <20080903110943.GA25396@gvr.gvr.org> <48BE864C.6000006@radel.com> <20080903125407.GA27232@gvr.gvr.org> <48BE9038.8020303@radel.com> <20080903135204.GA28111@gvr.gvr.org> <48BE9B74.90404@radel.com> <9e20d71e0809030732v2d202cc5x74a33977d8d9ac64@mail.gmail.com>

On Wed, Sep 03, 2008 at 05:32:25PM +0300, Artis Caune wrote:
> >>>> I did test the following ruleset:
> >>>> pass in quick on ep0 inet from 1.2.3.1 to 10.0.0.2 keep state
> >>>> block drop out log quick on ep0 all
> >>>> pass out quick on bge0 inet proto tcp from 1.2.3.1 to 10.0.0.2
> 
> maybe "set skip on ep0" ?
> 

Nope. There will be outgoing keep state rules on ep0. But not for connections
which are already in the state table.

Besides, the skip would roll out all incoming rules as well.

-Guido


