Date:      Thu, 26 May 2016 13:11:13 +0300
From:      Dmitry Selivanov <>
To:        "Andrey V. Elsukov" <>, freebsd-ipfw <>
Subject:   Re: [RFC] ipfw named states support
Message-ID:  <>
In-Reply-To: <>
References:  <>

18.05.2016 17:46, Andrey V. Elsukov wrote:
> We have the patch that adds named states support to ipfw.
> The idea is that we add a symbolic name-label to each dynamic state in
> addition to IP addresses, protocol and ports.
> This introduces new syntax for check-state and keep-state rules:
>   check-state { token | default | any }
>   keep-state { token | default }

> 1. Is this feature useful?
> 2. How to commit it? Due to changed syntax it can break existing
> rulesets. Probably, we can add some mandatory prefix to state name, e.g.
> ':'.
Maybe create a new opcode, e.g. "save-state", and deprecate "keep-state" with "save-state default".
I'm sorry, I didn't understand what Lev Serebryakov suggests, and I could duplicate his suggestion.

Maybe it makes sense to add a "search-state" option and use it instead of the "check-state" action. E.g. "allow dst-port 80 search-state NAME".
