In some email I received from Manuel Bouyer, sie wrote:
> 
> On Tue, Apr 25, 2000 at 03:52:42PM +1000, Darren Reed wrote:
> > In some email I received from Manuel Bouyer, sie wrote:
> > > 
> > > In fact the previous behavior was a bug :)
> > > The new behavior cause problems only if you use ftp or rsh proxy (that is,
> > > protocols that need incoming TCP connections to dynamic ports).
> > > But the rigth thing to do here would be to have to ftp or rsh proxy
> > > dynamically update the filters when required. Darren, are you listening ? :)
> > 
> > hmm ?  They should be setting up keep state things to let through the
> > other connection automatically, if you use them.
> 
> I don't use keep-state. Can I use keep-state only for ftp proxy ?

If you're using the ipfilter proxy for ftp/rcmd, then it will
automatically add the correct state information.

Darren