On 2012-11-21, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> On 19/11/12 14:47, Henning Brauer wrote:
>>   the rule
>> referred to then is the default rule. but we didn't get as far as rule
>> matching, so that is misleading you.
>
> What do you mean by default rule?

PF has an implicit default rule, "pass all flags any no state".

I would recommend that the first filter rule is either just "block"
or "pass" (optionally with "log" etc) so that you can be sure there's
a state entry for all traffic which is passed by the firewall.
Otherwise you can get into trouble with window scaling (which is
the reason pf.conf pass rules all default to "keep state" now).

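
One way to check a ruleset against the recommendation above, as an added example that is not part of the original post: it reports whether the first pass/block rule in a pf.conf is a bare catch-all, so that no traffic is left to the implicit stateless default. The parsing is a simplification (no include, anchor or match handling, `#` inside quotes is not handled), the function names are hypothetical, and both sample rulesets are constructed.

```python
ACTIONS = {"pass", "block"}
# Words that still leave the rule matching all traffic
# ("block drop" / "block return" only choose how to block).
CATCH_ALL_WORDS = {"all", "log", "drop", "return"}

def logical_lines(text):
    """Yield pf.conf lines with comments stripped and '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full = (buf + line).strip()
        buf = ""
        if full:
            yield full

def first_filter_rule(text):
    """Return the tokens of the first pass/block rule, or None if there is none."""
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] in ACTIONS:
            return tokens
    return None

def check_default(text):
    rule = first_filter_rule(text)
    if rule is None:
        return "no-filter-rules"       # only the implicit default applies
    if all(tok in CATCH_ALL_WORDS for tok in rule[1:]):
        return "explicit-default"      # bare block/pass, optionally with log
    return "no-explicit-default"       # unmatched traffic hits the implicit rule

# Constructed sample: first rule is selective, so anything it and the later
# rules do not match is passed by "pass all flags any no state" without state.
NO_DEFAULT = """\
ext_if = "em0"
set skip on lo
pass in on $ext_if proto tcp to port 22
pass out on $ext_if
"""

# Constructed sample: explicit default first, selective rules after it.
WITH_DEFAULT = """\
set skip on lo
block log all
pass in on egress proto tcp to port 22
pass out
"""

if __name__ == "__main__":
    for name, conf in (("NO_DEFAULT", NO_DEFAULT), ("WITH_DEFAULT", WITH_DEFAULT)):
        print(name, check_default(conf))
```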