[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf(4) schemantics

Okay, I think I'm starting to understand what you want. (because I
believe we tossed the idea around at the last hackathon)
Basically, you want a state-creating packet to be able to create state
on multiple interfaces, like:
pass in on $ext_if proto tcp from any to $webserver port 80 \
   keep state on {$ext_if $int_if} flags S/SAFR
(The way I had envisioned it, this would only occur for the
state-creating packet, and it would only do so for the interfaces
Is this what you mean?