From owner-freebsd-ipfw@FreeBSD.ORG  Fri Aug 31 00:44:22 2007
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1D0A316A41A
	for <freebsd-ipfw@freebsd.org>; Fri, 31 Aug 2007 00:44:22 +0000 (UTC)
	(envelope-from r.fulton@auckland.ac.nz)
Received: from mailhost.auckland.ac.nz (larry.its.auckland.ac.nz
	[130.216.12.34])
	by mx1.freebsd.org (Postfix) with ESMTP id D8F9513C459
	for <freebsd-ipfw@freebsd.org>; Fri, 31 Aug 2007 00:44:21 +0000 (UTC)
	(envelope-from r.fulton@auckland.ac.nz)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mailhost.auckland.ac.nz (Postfix) with ESMTP id BDFDC18550
	for <freebsd-ipfw@freebsd.org>; Fri, 31 Aug 2007 12:43:47 +1200 (NZST)
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Received: from mailhost.auckland.ac.nz ([127.0.0.1])
	by localhost (larry.its.auckland.ac.nz [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id ClyoTppNa1Tn for <freebsd-ipfw@freebsd.org>;
	Fri, 31 Aug 2007 12:43:47 +1200 (NZST)
Received: from bluebottle.insec.auckland.ac.nz
	(bluebottle.insec.auckland.ac.nz [130.216.4.12])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mailhost.auckland.ac.nz (Postfix) with ESMTP id 9EB771854D
	for <freebsd-ipfw@freebsd.org>; Fri, 31 Aug 2007 12:43:47 +1200 (NZST)
Message-ID: <46D76443.80407@auckland.ac.nz>
Date: Fri, 31 Aug 2007 12:43:47 +1200
From: Russell Fulton <r.fulton@auckland.ac.nz>
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
X-Enigmail-Version: 0.95.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: beginners questions
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2007 00:44:22 -0000

Before you ask, yes I've RTFM ;)  which was very imformative and there
are still some things that I have missed.

1/  Is there a way of reloading rules while maintaining the state table
or is this the default?  (put another way does flush affect dynamic rules).

2/ we are using state and also shaping traffic via pipes.  What
interaction, if any is there between pipes and state?  i.e. if a packet
gets sent to a pipe will other traffic that is matched by the dynamic
rule also get sent to the pipe?

3/ are pipes bidirectional?  I.e. do I need to say

add 02421 pipe 6 all from 130.216.95.0/24 to any
add 02422 pipe 7 all from any to 130.216.95.0/24

Cheers and thanks

Russell