
Re: State table with a rule change

Rule changes do not affect existing states. You have to process each
state and decide if you still want it or not. Look at authpf for one
way to do it. authpf removes states containing the IP address
of the connection it authenticated on exit.

On Thu, Dec 12, 2002 at 08:11:27AM -0700, Larry Coulson wrote:
> If pf has been in operation for a while and a new rule set is loaded what 
> happens to the states? For example there could be two rules to allow 
> packets (rule A & rule B) in the old rule set that have just created two 
> tcp established states (state A & state B) that could naturally time out in 
> 24 hours. The new rule set just loaded retains rule A but no longer has 
> rule B. We would like state A to be retained but state B should be removed. 
> Will this occur?
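
Added example, not part of the original message and not authpf's code: one way to "process each state" after a ruleset reload, printing pfctl -k commands for review instead of running them. It assumes the removed rule B passed tcp to port 23 and that state lines follow the constructed sample below (IPv4, no NAT); states_to_kill and sample_states are hypothetical names.

```shell
#!/bin/sh
# Constructed sample in the assumed "pfctl -ss" layout (IPv4, no NAT).
sample_states() {
cat <<'EOF'
all tcp 10.0.0.5:40001 -> 192.0.2.10:22       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.6:40002 -> 192.0.2.10:23       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.20:23 <- 10.0.0.7:40003       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.8:40004 -> 192.0.2.10:23       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.8:40005 -> 192.0.2.10:22       ESTABLISHED:ESTABLISHED
EOF
}

# states_to_kill PROTO PORT: read state lines on stdin and print one
# "pfctl -k src -k dst" per host pair whose states match the removed rule.
states_to_kill() {
    awk -v proto="$1" -v port="$2" '
    function host(ep)  { sub(/:[0-9]+$/, "", ep); return ep }
    function dport(ep) { sub(/^.*:/, "", ep); return ep }
    $4 == "->" || $4 == "<-" {
        # Outbound states print "src -> dst", inbound ones "dst <- src".
        src = ($4 == "->") ? $3 : $5
        dst = ($4 == "->") ? $5 : $3
        pair = host(src) " " host(dst)
        if ($2 == proto && dport(dst) == port) kill[pair] = 1
        else keep[pair] = 1
    }
    END {
        for (p in kill) {
            split(p, h, " ")
            # -k with two hosts drops every state between them, so a pair
            # that also carries a state to retain is reported, not killed.
            if (p in keep)
                print "# skipped " h[1] " -> " h[2] ": also has states to keep"
            else
                print "pfctl -k " h[1] " -k " h[2]
        }
    }' | LC_ALL=C sort
}

# Rule B (assumed here: pass tcp to port 23) is gone from the new ruleset.
sample_states | states_to_kill tcp 23
```

On a live firewall the input would come from pfctl -ss instead of sample_states, and the state line layout should be checked against that system's output first.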