Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 3 Aug 2002 20:53:10 -0500 (CDT)
From:      Nick Rogness <>
Cc:        Joe & Fhe Barbish <>, FBIPFW <freebsd-ipfw@FreeBSD.ORG>,,,,,,, ru@FreeBSD.ORG,
Subject:   Re: natd & keep-state
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, 3 Aug 2002, Crist J. Clark wrote:

> Fine, whatever. But the ipfw(8) and natd(8) developers seem to hold
> the same opinion. Maybe if you proposed some possible way for natd(8)
> and 'keep-state' rules to work well together someone could do it.

	FWIW, you can modify the behavior of "check-state" to "JUMP TO
	RULE NUMBER XXX on stateful match" and solve most of the problems
	associated with natd & stateful inspection.  Right now,
	if check-state finds a match it stops...we need it to optionally
	JUMP_TO RULE XXX.  Kinda like "skipto" functionality.

	I talked to Luigi about this and he didn't understand what I 
	meant (which is my fault).  But I believe the concept is still

Nick Rogness <>
 - Don't mind me...I'm just sniffing your packets

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>