Vai al contenuto

keep ifstate

Description

Enables stateful firewalling by temporarily opening a port for incoming traffic when an outgoing packet matches the specified rule. With the keep ifstate keyword, the firewall tracks the state of an existing connection on the basis of source IP address, destination IP address, source port, destination port, protocol, and interface.
Keeping state focuses on blocking or passing packets from a new connection. If the new connection is allowed, all packets are passed in both directions. If a new connection is blocked, all packets are blocked in both directions.

Synopsis

{block | pass} {in | out} {to | from} address_scope keep ifstate
address_scope can be a unique IP address, an address space, or the keywords !, all, me, or any.

Scarica PDF

Scarica questa pagina