Johan Ström wrote:

drop all traffic)? A check with pfctl -vsr reveals that the actual rule inserted is "pass on lo0 inet from 123.123.123.123 to 123.123.123.123 flags S/SA keep state". Where did that "keep state" come from?

'flags S/SA keep state' is the default now for tcp filter rules -- that
was new in 7.0 reflecting the upstream changes made between the 4.0 and 4.1
releases of OpenBSD.  If you want a stateless rule, append 'no state'.

http://www.openbsd.org/faq/pf/filter.html#state

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW
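
Added example, not part of the original message: a POSIX shell function that reads `pfctl -sr` or `pfctl -vsr` output and labels each rule by the state handling that was actually loaded, so an implicit `keep state` stands out. The function names and the sample rule lines are constructed for illustration; the first sample line is the rule quoted in the message above.

```shell
#!/bin/sh
# Added example: label pf rules by the state handling pfctl reports.
# Real use (as root):  pfctl -sr | classify_pf_rules

classify_pf_rules() {
    while IFS= read -r line; do
        # Keep rule lines only; this skips the indented counter
        # lines that -v adds under every rule.
        case "$line" in
            pass\ *|block\ *) ;;
            *) continue ;;
        esac
        case "$line" in
            *" no state"*) class=stateless ;;
            *" keep state"*|*" modulate state"*|*" synproxy state"*) class=stateful ;;
            block\ *) class=block ;;
            *) class=unmarked ;;   # pass rule with no state keyword shown
        esac
        printf '%s\t%s\n' "$class" "$line"
    done
}

count_class() {
    # count_class <label>: number of rules on stdin that get that label
    classify_pf_rules | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_rules() {
    # Constructed sample in the shape of `pfctl -vsr` output.
    cat <<'EOF'
pass on lo0 inet from 123.123.123.123 to 123.123.123.123 flags S/SA keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
pass on lo0 inet from 123.123.123.123 to 123.123.123.123 no state
block drop all
EOF
}

sample_rules | classify_pf_rules
```

A `stateful` label on a rule that was written without any state keyword in pf.conf is the default described above taking effect.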
