Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Jun 2009 00:12:44 +0200
From:      =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
To:        vila@tesla.cujae.edu.cu, =?ISO-8859-1?B?SXN0duFu?= <leccine@gmail.com>,  freebsd-pf@freebsd.org
Subject:   Re: Connmark target
Message-ID:  <9a542da30906081512v340b590fme0291f4fdd69db56@mail.gmail.com>
In-Reply-To: <20090608205312.GS5596@verio.net>
References:  <20090606124949.japda2vrkck4wk8o@correo.cujae.edu.cu>  <9a542da30906060955i4a1097bcpad5fd78587d7e169@mail.gmail.com>  <20090606131545.kk8k1qf7a8oc4os8@correo.cujae.edu.cu> <b8592ed80906061020n1d7f582fh42a0c94dcda2cfe1@mail.gmail.com>  <20090606135250.3n87bzp88wc4kgk8@correo.cujae.edu.cu> <b8592ed80906061111h4157a78cl365d160437b88426@mail.gmail.com>  <20090606142940.0c42ju9uswkg4w8s@correo.cujae.edu.cu> <b8592ed80906061243k17c46004j5b91cc4a41a6bda2@mail.gmail.com>  <20090607132751.18wu3idnkgcgkss8@correo.cujae.edu.cu> <20090608205312.GS5596@verio.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 8, 2009 at 10:53 PM, David DeSimone<fox@verio.net> wrote:
> vila@tesla.cujae.edu.cu <vila@tesla.cujae.edu.cu> wrote:
>>
>> by the way, anyone knows if there are plans to include connection mark
>> capabilities to pf.
>>
>> i say this because until now is the only way i=B4ve found to solve my
>> issue.
>
> I think the real question is whether tags become part of connection
> "state".
>
> For instance:
>
> =A0 =A0pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep =
state

pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" tagged
INTERNAL keep state

>
> =A0 =A0pass out quick on $EXT_IF tagged "INTERNAL" keep state

pass out quick on $EXT_IF tag INTERNAL tagged "INTERNAL" keep state

In this way it would work.
>
> So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it
> will have tag "INTERNAL" attached to it. =A0However, when the reply packe=
t
> comes back in $EXT_IF and makes its way back to $INT_IF, will it also
> have the "INTERNAL" tag attached? =A0If it does, that would make ALTQ abl=
e
> to assign it and classify it and queue it the way people want. =A0But the
> question is, is the tagging considered part of the "state" that is kept
> in the state table?
>
> --
> David DeSimone =3D=3D Network Admin =3D=3D fox@verio.net
> =A0"I don't like spinach, and I'm glad I don't, because if I
> =A0 liked it I'd eat it, and I just hate it." -- Clarence Darrow
>
>
> This email message is intended for the use of the person to whom it has b=
een sent, and may contain information that is confidential or legally prote=
cted. If you are not the intended recipient or have received this message i=
n error, you are not authorized to copy, distribute, or otherwise use this =
message or its attachments. Please notify the sender immediately by return =
e-mail and permanently delete this message and any attachments. Verio, Inc.=
 makes no warranty that this email is error or virus free. =A0Thank you.
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>



--=20
Ermal



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30906081512v340b590fme0291f4fdd69db56>