Date: Wed, 05 Sep 2007 08:00:53 +1200
From: Russell Fulton <r.fulton@auckland.ac.nz>
To: freebsd-ipfw@freebsd.org
Subject: Re: getting state to work properly
Message-ID: <46DDB975.3050606@auckland.ac.nz>
In-Reply-To: <46DD38BC.30605@elischer.org>
References: <46D66176.9020300@auckland.ac.nz> <46D70145.3030708@auckland.ac.nz> <optx3bu3br4fjv08@nuclight.avtf.net> <46DD38BC.30605@elischer.org>

Julian Elischer wrote:
>
> also bear in mind the way that state is done..
> it's not documented anywhere but when you do a 'keep-state', the rule that
> does the keep-state is stored away, and when a "check state" is run,
> it effectively JUMPS TO the rule that did the keep-state.
>

Ah! thanks for that!  As it happens that's just what I need.  In many
cases in my rule set I use

add pipe ................ keep-state

and that works as I had hoped it would -- this explains why.

Thanks also to the other folk on the list (Hi Vadim) who have helped me
get this show on the road.  Yesterday I shut down the interfaces on the
primary firewall to force the traffic to the secondary where I had my
rewritten rule set up and no one noticed (except those who had tcp
sessions in progress at the time).

Are there any plans for state synchronisation (like pfsync) for ipfw or
is there something and I have missed it?

Russell.
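
The behaviour discussed in this message, as an added example that is not part of the original e-mail and is not ipfw code: a small Python model of rule evaluation in which check-state applies the action of the rule that created the state, so reply traffic lands in the same pipe. The rule numbers, addresses and the `evaluate` helper are constructed for illustration, and the model treats a pipe as a terminal action.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        # Direction-independent key: a dynamic rule matches both directions.
        return (self.proto,
                frozenset([(self.src, self.sport), (self.dst, self.dport)]))

@dataclass
class Rule:
    num: int
    action: str                       # "check-state", "deny" or "pipe N"
    match: Callable[[Packet], bool]
    keep_state: bool = False

def evaluate(rules, states, pkt):
    """Return (rule number, action) deciding pkt.

    states maps flow key -> the static rule that did the keep-state.
    """
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.action == "check-state":
            parent = states.get(pkt.flow())
            if parent is not None:
                # "Jump to" the stored rule: its action is applied here.
                return parent.num, parent.action
            continue                  # no state yet, keep walking the rules
        if not rule.match(pkt):
            continue
        if rule.keep_state:
            states[pkt.flow()] = rule # remember which rule created the state
        return rule.num, rule.action
    return 65535, "deny"              # constructed default rule for this model

# Constructed rule set in the shape "check-state / pipe ... keep-state / deny".
RULES = [
    Rule(100, "check-state", lambda p: True),
    Rule(200, "pipe 1", lambda p: p.proto == "tcp" and p.src.startswith("10."),
         keep_state=True),
    Rule(300, "deny", lambda p: True),
]
```

Without an entry in `states`, the same reply packet falls through to rule 300, which is why the position of check-state relative to deny rules matters when auditing a rule set.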