[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: RESOLVED: Tag option for a rule
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2006-10-03 1:08:26
Message-ID: 4521B80A.8050402 () reed ! wattle ! id ! au
[Download RAW message or body]

Beers, James W. wrote:
> Got it.  Here is the final working rule (taken out of context):
>
>  pass in log first quick on bge0 proto tcp from any to <ip_addr> port =
> 22 flags S keep state group 2 set-tag (log=1)
>
> The question still stands, though - is anyone using this functionality?
> I think it's great and will help immensely with my log parsing scripts.
>   

It was added at the behest of someone who wanted to do exactly that...

The reason for the syntax is that there can be both a logging tag and a 
NAT tag
and you can specify a matching tag in NAT rules too..

Darren

[prev in list] [next in list] [prev in thread] [next in thread]