Re: ipfilter: keep state per-interface?

To: Egerváry Gergely <gergely%egervary.hu@localhost>
Subject: Re: ipfilter: keep state per-interface?
From: Timo Buhrmester <fstd.lkml%gmail.com@localhost>
Date: Tue, 27 Dec 2016 19:20:42 +0100

> FYI: from NetBSD's NPF `man 5 npf.conf'
> | Stateful packet inspection is enabled using `stateful' or
> | `stateful-ends' keywords.  The former creates a state which is
> | uniquely identified by a 5-tuple (source and destination IP
> | addresses, port numbers and an interface identifier).  The latter
> | excludes the interface identifier and must be used with precaution.
Thanks!  I guess I'll use it as an excuse to learn some npf :-)

Follow-Ups:
- Re: ipfilter: keep state per-interface?
  - From: Egerváry Gergely

References:
- ipfilter: keep state per-interface?
  - From: Timo Buhrmester
- Re: ipfilter: keep state per-interface?
  - From: Egerváry Gergely
- Re: ipfilter: keep state per-interface?
  - From: Egerváry Gergely

Prev by Date: Re: ipfilter: keep state per-interface?
Next by Date: Re: ipfilter: keep state per-interface?
Previous by Thread: Re: ipfilter: keep state per-interface?
Next by Thread: Re: ipfilter: keep state per-interface?
Indexes:

Home | Main Index | Thread Index | Old Index