Changeset View
Changeset View
Standalone View
Standalone View
sbin/ipfw/ipfw.8
Show First 20 Lines • Show All 4,560 Lines • ▼ Show 20 Lines | |||||
Rule with | Rule with | ||||
.Cm keep-state | .Cm keep-state | ||||
option will trigger activation of existing dynamic state, and action of such | option will trigger activation of existing dynamic state, and action of such | ||||
rule will be performed as soon as rule is matched. In case of NAT and | rule will be performed as soon as rule is matched. In case of NAT and | ||||
.Cm allow | .Cm allow | ||||
rule packet need to be passed to NAT, not allowed as soon is possible. | rule packet need to be passed to NAT, not allowed as soon is possible. | ||||
.Pp | .Pp | ||||
There is example of set of rules to achieve this. Bear in mind that this | There is example of set of rules to achieve this. Bear in mind that this | ||||
is exmaple only and it is not very useful by itself. | is example only and it is not very useful by itself. | ||||
.Pp | .Pp | ||||
On way out, after all checks place this rules: | On way out, after all checks place this rules: | ||||
.Pp | .Pp | ||||
.Dl "ipfw add allow record-state skip-action" | .Dl "ipfw add allow record-state skip-action" | ||||
.Dl "ipfw add nat 1" | .Dl "ipfw add nat 1" | ||||
.Pp | .Pp | ||||
And on way in there should be something like this: | And on way in there should be something like this: | ||||
.Pp | .Pp | ||||
▲ Show 20 Lines • Show All 259 Lines • Show Last 20 Lines |