OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :

<< Re: iptables | Up: Re: iptables | Flattened | Expanded | Re: iptables >>

Threshold: Help

  Re: iptables (mod 6/92)
by Dries Schellekens on Wed Mar 26 21:05:00 2003 (GMT)
  Yes, this seems quite useless. PF is able to pick up existing connections when using keep state ; of course modulate state will not work, because the ISN modulation will be lost between reboots (this is described in pf.conf(5) .

pfsync(4) will only be interesting in case of failover; but a good failover mechanism (VRRP) is lacking because of patent stuff.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]