[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tagging & keep state



Henning Brauer wrote:

* Ed White <[email protected]> [2004-06-01 13:32]:


On Tuesday 01 June 2004 00:48, David Gwynne wrote:


Theres always annoying edge cases. The only problem I've seen with this
behaviour of tags is when you're trying to keep track of traceroutes
through the box. Say you have the following rules


The funny thing is that if you want to use tags to filter on multiple interfaces you have to keep state on each of them.
That's the opposite of what FAQ suggests! ;-)



what, the FAQ suggests to filter stateless if you have multiple interfaces? I have to talk to Joel ;)


*IF* possible, you don't want to have multiple states for the same packet.
Wastes RAM for little purpose.
Cedric