HomeFreeBSD

Add "record-state", "set-limit" and "defer-action" rule options to ipfw.

Description

Add "record-state", "set-limit" and "defer-action" rule options to ipfw.

"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
same feature as "record-state", it is single opcode without implicit
O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
states. When rule with this opcode is matched, the rule's action will
not be executed, instead dynamic state will be created. And when this
state will be matched by "check-state", then rule action will be executed.
This allows create a more complicated rulesets.

Submitted by: lev
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D1776

Details

Committed
aeJul 9 2018, 11:35 AM
Differential Revision
D1776: New options for ipfw - record-state, set-limit and skip-immediate-action - for simpler rulesets
Parents
rS336131: Deduplicate the code.
Branches
Unknown
Tags
Unknown