FreeBSD Mail Archives

Date:      Wed, 04 Feb 2015 19:11:46 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        lev@FreeBSD.org, freebsd-ipfw@freebsd.org
Subject:   Re: [RFC][patch] Two new actions: state-allow and state-deny
Message-ID:  <54D1FE72.1020508@freebsd.org>
In-Reply-To: <54D1E4D4.10106@FreeBSD.org>
References:  <54CFCD45.9070304@FreeBSD.org> <20150203205715.A38620@sola.nimnet.asn.au> <54D0A1AA.4080402@FreeBSD.org> <54D1AA60.4030907@freebsd.org> <54D1E4D4.10106@FreeBSD.org>

On 2/4/15 5:22 PM, Lev Serebryakov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 04.02.2015 08:13, Julian Elischer wrote:
>
>> yes I think "keep-state" should be deprecated and replaced or
>> supplemented by 'save_state'  that does NOT do an implicit
>> 'check-state'.. I don't know whose idea that was but it's just
>> wrong. (if the state exists, maybe just replace it..)
>    Update, not replace :)
>    See my Version-3 patch for "record-state" :)
I meant a function that acts like 'keep-state' except it does not do a 
'check-state'.
Im suggesting adding yet-another command. a 'fixed' keep-state.

I sort of know why they did it.. so that if the state for that session 
already exists,
the original state rule is used and not the new rule. but ..it fires 
on other packets
as well as the one you are working with.


>
> - -- 
> // Lev Serebryakov AKA Black Lion
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQJ8BAEBCgBmBQJU0eTUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
> QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePoS0P/iCMeTo+fFA4iGwe/8FnlF+y
> 899fomt4tzOBppxg1r5/xx11OMB9DJ6VG1z8+61gzIg1jgxvAIBTBGz5oxIgyfv5
> mtbEbfhsxsABYTASjwIQymxR1zvLCbyd7fWgDRhM8YJYEy/akWNzOwtbokrkK1Ww
> 3j2IODup3onYr5LhwoQZGPdtmIyH10rnEcs49IWUs1ZweWlJx7XRQOGBAepTQRx9
> bh/D0owV1j9BBzyqd5n54aXiQpMKMIdOihmNOOUYhl0B3GksacWguV7Keabbv0Dh
> Nnk3g/GrBYJPdmF0JqkocjrGxSuWAwBXfdXg3SoG8l1dPqaDg8UNVXq7VthS7FKO
> 8jyoRXaptbcrTjgG0SHdfnSzbhpLj78/PdGi1VvJwrvjnK2MNb6dZ2PE3E88ScgM
> f7OIOef9GyLwgAPqn6TJeiC7Oddvq+vL1vEigqLMJscJ4ErwqX8RVidbkYdNmKCf
> HYSd9mSJgkAMUH7q2U5PCRY9Ay6BOkuGHEqvMHGFClqBWb81RTyT8ZR+BL+JeqRr
> QNilMWvUXJSGEcvMYijKiv2EVDB6by3sY2SK9KLa93H0jY1nR3XPpilpyLcHLzN9
> 5aVknqR2/TzFDS1BiSEg/wYipyqjgIyHTqqxj0Vd0pnZMSw3AqdrOSLz8mHJzXKp
> 3J8Y7Lw7fuM1N8Doq2Md
> =/M0i
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54D1FE72.1020508>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation