Re: [RFC][patch] New "keep-state-only" option (version 3)

2015-02-04 Thread Julian Elischer
On 2/4/15 6:08 PM, bycn82 wrote: > Cool, but maybe not all people are following this topic, so can you please simplify it by answering the questions below in order to allow more people to know what is going on here. > What kind of problem are you facing and how does your patch resolve it? le

Re: [RFC][patch] New "keep-state-only" option (version 3)

2015-02-04 Thread Julian Elischer
On 2/4/15 5:24 PM, Lev Serebryakov wrote: -- Re-installation of state (with second, third, etc. packet of connection) should update TCP state of state (sorry!), or it will die in 10 seconds. This version seems to be final (apart from the name of the new option!). It works perfectly on my route

Re: [RFC][patch] New "keep-state-only" option (version 3)

2015-02-04 Thread bycn82
Cool, but maybe not all people are following this topic, so can you please simplify it by answering the questions below in order to allow more people to know what is going on here. What kind of problem are you facing and how does your patch resolve it? On 4 February 2015 at 17:24, Lev Serebryako

[RFC][patch] New "keep-state-only" option (version 3)

2015-02-04 Thread Lev Serebryakov
On 03.02.2015 19:55, Lev Serebryakov wrote: >> Ok, "allow-state"/"deny-state" was a very limited idea. Here is a more universal mechanism: new "keep-state-only" (aliased as "record-only") option, which works exactly as "keep-state" BUT cancel

Re: [RFC][patch] New "keep-state-only" option

2015-02-03 Thread Julian Elischer
On 2/4/15 1:32 PM, Julian Elischer wrote: On 2/4/15 12:13 AM, Lev Serebryakov wrote: And variants with multiple NATs and "nat global" become as easy as this, too! No stupid "skipto", no "keep-state" at "incoming from local network" parts of firewall, nothing! P.S. I HATE this "all any to an

Re: [RFC][patch] New "keep-state-only" option

2015-02-03 Thread Julian Elischer
On 2/4/15 12:13 AM, Lev Serebryakov wrote: Ok, "allow-state"/"deny-state" was a very limited idea. Here is a more universal mechanism: new "keep-state-only" (aliased as "record-only") option, which works exactly as "keep-state" BUT cancel match of

Re: [RFC][patch] New "keep-state-only" option (version 2)

2015-02-03 Thread Julian Elischer
On 2/4/15 12:55 AM, Lev Serebryakov wrote: On 03.02.2015 19:13, Lev Serebryakov wrote: Ok, "allow-state"/"deny-state" was a very limited idea. Here is a more universal mechanism: new "keep-state-only" (aliased as "record-only") option, which works ex

Re: [RFC][patch] New "keep-state-only" option (version 2)

2015-02-03 Thread Lev Serebryakov
On 03.02.2015 19:13, Lev Serebryakov wrote: > Ok, "allow-state"/"deny-state" was a very limited idea. Here is a more universal mechanism: new "keep-state-only" (aliased as "record-only") option, which works exactly as "keep-state" BUT cancel matc

[RFC][patch] New "keep-state-only" option

2015-02-03 Thread Lev Serebryakov
Ok, "allow-state"/"deny-state" was a very limited idea. Here is a more universal mechanism: new "keep-state-only" (aliased as "record-only") option, which works exactly as "keep-state" BUT cancel match of rule after state creation. It allows to write