Re: stateful filters affect queue filters
On Wednesday, Jul 23, 2003, at 03:36 US/Pacific, Mark Bojara wrote:
I understand what you mean but this is only for an outgoing connection
with keepstated incoming. If another completely different incoming
connection gets established then since it did not originate as a
outgoing connection the keep state will not apply.
I don't follow. If all of your rules specify queues, then the queues
will apply. Is there a case where you don't want to specify queues
that I missed?
On Wed, 23 Jul 2003, Trevor Talbot wrote:
On Tuesday, Jul 22, 2003, at 23:46 US/Pacific, Mark Bojara wrote:
Thanks for the advice, I've tried to have one rule to catch both
directions but if it is outgoing traffic then the keepstate will
automatically allocate the incoming packets that are coming back to
the same queue. But if the request originated from an incoming
request there is no way possible that the same outgoing queue will
work for that traffic.
Anyway, the tagging in the state entry happens no matter which
direction the packet is traveling. Thus, when you create a state on
an inbound packet, the queue tag will only matter for reply packets
(going back out on that interface). The inbound packets will still
be tagged, but the tags don't match any queue on the interface they
go out on, so nothing happens. Meanwhile, you also have a rule to
create state out on that other interface, and that queue tag does
You should keep the one-rule-per-interface setup, i.e. "pass in on
$i01", "pass out on $i03". You should also set each rule to use the
appropriate queue on that same interface, no matter which direction
the rule is for.
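
An added example, not part of the original thread or either poster's ruleset: a pf.conf fragment in ALTQ syntax laid out the way the message above describes, with one rule per interface and each rule naming a queue defined on that same interface. The interface names, queue names, bandwidths and the port are assumptions; `$i01` and `$i03` are the macros named in the message.

```pf
# Assumed interface names; $i01 and $i03 are the macros used in the thread.
i01 = "fxp0"
i03 = "fxp1"

# Each interface gets its own queue set (names and bandwidths are assumed).
altq on $i01 cbq bandwidth 10Mb queue { i01_def, i01_web }
queue i01_def bandwidth 70% cbq(default)
queue i01_web bandwidth 30%

altq on $i03 cbq bandwidth 10Mb queue { i03_def, i03_web }
queue i03_def bandwidth 70% cbq(default)
queue i03_web bandwidth 30%

# State created on the inbound side of $i01. Queueing happens when a
# packet leaves an interface, so i01_web shapes the reply packets that
# match this state and go back out on $i01.
pass in on $i01 proto tcp from any to any port 80 keep state queue i01_web

# State created on the outbound side of $i03. i03_web shapes the
# forwarded packets as they leave $i03.
pass out on $i03 proto tcp from any to any port 80 keep state queue i03_web
```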