ipfw, keep-state and limit
Luigi Rizzo
rizzo at icir.org
Sun Apr 15 22:00:52 UTC 2007
On Sun, Apr 15, 2007 at 11:53:15PM +0200, Ivan Voras wrote:
> Luigi Rizzo wrote:
>
> > if i remember well (the implementation dates back to 2001 or so)
> > you just need to use "limit", as it implicitly installs
> > a dynamic state entry (same as keep-state).
>
> Thanks, I'll try it tomorrow. If it works, may I suggest a change: make
> the error message say "keep-state is redundant with limits" and proceed
> like only "limits" exists?
it certainly makes sense to change the error message and
explain better what is wrong.
However i really don't like the idea of accepting a wrong ipfw rule,
because it encourages lazy programming practices.
cheers
luigi
More information about the freebsd-net
mailing list