From owner-freebsd-pf@FreeBSD.ORG Mon Jun 8 22:13:06 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A0B0106566C for ; Mon, 8 Jun 2009 22:13:06 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-gx0-f207.google.com (mail-gx0-f207.google.com [209.85.217.207]) by mx1.freebsd.org (Postfix) with ESMTP id 395118FC24 for ; Mon, 8 Jun 2009 22:13:06 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by gxk3 with SMTP id 3so151751gxk.19 for ; Mon, 08 Jun 2009 15:13:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:from:date:x-google-sender-auth:message-id:subject:to :content-type:content-transfer-encoding; bh=QxSsE55ujH1uoEubt+bR0fSWlYJqKWLnVGV+lj48SvA=; b=Si1Fum//u+6YykSYfVnoMEnMKXK0nK57KGfBmQ2gRDCulwSy0R3/45e8QIB1dalJAw +vDUI0xqSyd+uJfH3xZ1oBVl/tlv2uidry5AMGHIjTaCqDmVBtJxLBpZrQ/ZMiIkLNQe EcgJIZAfT7NBEfFjJaE/9wC9yGHIzCEkYkBk0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type :content-transfer-encoding; b=rzOo6LXaYhdIePn+SwqtU5kUo0Ng5t9Evu8nKIDXwrdGBjKz0uhwO6IxmspopUNA74 oN8Gj69oT7tVemXvUweEclukziU2Swx1sPPL7rvggMcRriAnjJbtAONkaMNLXSNtpnmV P6ZeZ5Qw5nONrBL+6ajYka1WVcWYbIrEso6Ig= MIME-Version: 1.0 Sender: ermal.luci@gmail.com Received: by 10.150.49.4 with SMTP id w4mr13613939ybw.71.1244499184525; Mon, 08 Jun 2009 15:13:04 -0700 (PDT) In-Reply-To: <20090608205312.GS5596@verio.net> References: <20090606124949.japda2vrkck4wk8o@correo.cujae.edu.cu> <9a542da30906060955i4a1097bcpad5fd78587d7e169@mail.gmail.com> <20090606131545.kk8k1qf7a8oc4os8@correo.cujae.edu.cu> <20090606135250.3n87bzp88wc4kgk8@correo.cujae.edu.cu> <20090606142940.0c42ju9uswkg4w8s@correo.cujae.edu.cu> <20090607132751.18wu3idnkgcgkss8@correo.cujae.edu.cu> <20090608205312.GS5596@verio.net> From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= Date: Tue, 9 Jun 2009 00:12:44 +0200 X-Google-Sender-Auth: 8e8d8e1dcbc51585 Message-ID: <9a542da30906081512v340b590fme0291f4fdd69db56@mail.gmail.com> To: vila@tesla.cujae.edu.cu, =?ISO-8859-1?B?SXN0duFu?= , freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Subject: Re: Connmark target X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2009 22:13:06 -0000 On Mon, Jun 8, 2009 at 10:53 PM, David DeSimone wrote: > vila@tesla.cujae.edu.cu wrote: >> >> by the way, anyone knows if there are plans to include connection mark >> capabilities to pf. >> >> i say this because until now is the only way i=B4ve found to solve my >> issue. > > I think the real question is whether tags become part of connection > "state". > > For instance: > > =A0 =A0pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep = state pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" tagged INTERNAL keep state > > =A0 =A0pass out quick on $EXT_IF tagged "INTERNAL" keep state pass out quick on $EXT_IF tag INTERNAL tagged "INTERNAL" keep state In this way it would work. > > So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it > will have tag "INTERNAL" attached to it. =A0However, when the reply packe= t > comes back in $EXT_IF and makes its way back to $INT_IF, will it also > have the "INTERNAL" tag attached? =A0If it does, that would make ALTQ abl= e > to assign it and classify it and queue it the way people want. =A0But the > question is, is the tagging considered part of the "state" that is kept > in the state table? > > -- > David DeSimone =3D=3D Network Admin =3D=3D fox@verio.net > =A0"I don't like spinach, and I'm glad I don't, because if I > =A0 liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has b= een sent, and may contain information that is confidential or legally prote= cted. If you are not the intended recipient or have received this message i= n error, you are not authorized to copy, distribute, or otherwise use this = message or its attachments. Please notify the sender immediately by return = e-mail and permanently delete this message and any attachments. Verio, Inc.= makes no warranty that this email is error or virus free. =A0Thank you. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 Ermal