Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 3 Aug 2002 21:20:50 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Nick Rogness <nick@rogness.net>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: natd & keep-state
Message-ID:  <20020803212050.A5279@iguana.icir.org>
In-Reply-To: <Pine.BSF.4.21.0208032039350.28420-100000@cody.jharris.com>; from nick@rogness.net on Sat, Aug 03, 2002 at 08:53:10PM -0500
References:  <20020803212854.GA55652@blossom.cjclark.org> <Pine.BSF.4.21.0208032039350.28420-100000@cody.jharris.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
I still do not follow... isn't this exactly what you want ?

    ipfw add skipto 5000 <bla bla bla> keep-state

check-state does not stop, it just executes whatever action is
specified for the original rule from which the state was created.
So if that one is a skipto you have a skipto.

	cheers
	luigi

On Sat, Aug 03, 2002 at 08:53:10PM -0500, Nick Rogness wrote:
...
> 
> 	FWIW, you can modify the behavior of "check-state" to "JUMP TO
> 	RULE NUMBER XXX on stateful match" and solve most of the problems
> 	associated with natd & stateful inspection.  Right now,
> 	if check-state finds a match it stops...we need it to optionally
> 	JUMP_TO RULE XXX.  Kinda like "skipto" functionality.
> 
> 	I talked to Luigi about this and he didn't understand what I 
> 	meant (which is my fault).  But I believe the concept is still
> 	sound.
> 
> 
> Nick Rogness <nick@rogness.net>
>  - Don't mind me...I'm just sniffing your packets
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020803212050.A5279>