Date:      Tue, 03 Feb 2015 19:13:15 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-ipfw <freebsd-ipfw@freebsd.org>,  freebsd-net <freebsd-net@freebsd.org>
Cc:        julian@freebsd.org, melifaro@FreeBSD.org
Subject:   [RFC][patch] New "keep-state-only" option
Message-ID:  <54D0F39B.4070707@FreeBSD.org>

 Ok, "allow-state"/"deny-state" was a very limited idea.
 Here is a more universal mechanism: a new "keep-state-only" (aliased as
"record-only") option, which works exactly as "keep-state" BUT cancels the
match of the rule after state creation. It allows writing a stateful + NAT
firewall as easily as:

nat 1 config if outIface

1000 skipto 2000 in
     skipto 3000 out
     deny all from any to any // Safeguard
2000 skipto 4000 recv inIface
     skipto 6000 recv outIface
     deny all from any to any // Safeguard
3000 skipto 5000 xmit inIface
     skipto 7000 xmit outIface
     deny all from any to any // Safeguard
4000 // For the sake of simplicity!
     // A real firewall will have some checks about local network here
     allow all from any to any
     deny all from any to any // Safeguard
5000 // For the sake of simplicity!
     // A real firewall will have some checks about local network here
     allow all from any to any
     deny all from any to any // Safeguard
6000 deny all not dst-ip $EXT_IP
     nat 1 all from any to any
     // All enabled with "keep-state-only" at block 7000 before NAT
     check-state all from any to any
     // Here could be accept rules for our servers or servers in DMZ
     // Disable everything else
     deny all from any to any
7000 // Here go rules which could DISABLE outbound external traffic
     // Create state for "check-state" at block 6000 and fall through
     allow keep-state-only
     allow src-ip $EXT_IP      // Save NAT some work
     nat 1 all from any to any
     allow all from any to any
     deny all from any to any // Safeguard

 And variants with multiple NATs and "nat global" become as easy as
this, too! No stupid "skipto", no "keep-state" at the "incoming from local
network" parts of the firewall, nothing!

P.S. I HATE this "all any to any" part!

-- 
// Lev Serebryakov

Content-Type: text/plain; charset=windows-1251;
 name="ipfw-state-only.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="ipfw-state-only.diff"



