On Sep 8, 2008, at 1:09 AM, Chris Smith wrote:
On Sunday 07 September 2008 04:53:20 pm Yar Tikhiy wrote:
And in OpenBSD-current the manpage still reads: "...keep state
must be specified explicitly to apply [stateful tracking] options
to a rule."
Not in the -current running here. The manpage reads:
"A number of options related to stateful tracking can be applied on
a per-rule
basis. keep state, modulate state and synproxy state support these
options,
and keep state must be specified explicitly to apply options to a
rule."
And the "options" referred to are listed in that section, such as max,
timeout, no-sync, sloppy, etc. If you're not applying the options,
keep state
is implied.
Sorry, I misread that paragraph. I also missed this:
pass The packet is passed; state is created state unless the
no state
option is specified.
By default pf(4) filters packets statefully; the first time a
packet
matches a pass rule, a state entry is created; for subsequent
packets the
filter checks whether the packet matches any state.
Excuse me for the noise.
Yar
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
