In article <[EMAIL PROTECTED]>,
Luigi Rizzo <[EMAIL PROTECTED]> wrote:
>
> This will let you write things like (taken from a live -current):
>
> rizzo# ipfw show
> 00100 313 15907 allow tcp from any to any keep-state setup
> 00200 0 0 deny tcp from any to any
> 65535 1433 309926 allow ip from any to any
> ## Dynamic rules:
> 00100 279 13151 tcp 131.114.9.26 513 <-> 131.114.9.236
>
> where the 'Dynamic rules' part is generated as a result of a match
> of rule 100.
Sounds cool, but could you please describe what it does? Apparently
it adds a temporary pass rule between two endpoints, in response to a
triggering rule that contains "keep-state". Is that right?
I realize it's probably like ipfilter's keep-state feature. But
that's not documented either. :-(
John
--
John Polstra [EMAIL PROTECTED]
John D. Polstra & Co., Inc. Seattle, Washington USA
"Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
