PERFORCE change 146996 for review
Gleb Kurtsou
gk at FreeBSD.org
Sat Aug 9 17:15:05 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146996
Change 146996 by gk at gk_h1 on 2008/08/09 17:14:46
document state-options (mostly copy-pasted from pf.conf(5))
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 (text+ko) ====
@@ -1465,6 +1465,21 @@
Matches TCP packets that have the SYN bit set but no ACK bit.
This is the short form of
.Dq Li tcpflags\ syn,!ack .
+.It Cm state-options Ar spec
+Specifies options for dynamic rule creation by
+.Cm keep-state
+or
+.Cm limit .
+.Ar spec
+is comma separated list of options.
+The supported options are:
+.Bl -tag -width xxxxxxxx -compact
+.It Cm ether
+Enable layer 2 stateful filtering for a rule.
+Source and destination ethernet addresses (MAC addresses) are used to
+create a state entry (dynamic rule) and to check if packet matches any
+state entry.
+.El
.It Cm src-arp Ar src-arp
Matches Address Resolution Protocol (ARP) packets whose
.Em Sender protocol address (SPA)
More information about the p4-projects
mailing list