On 2012-11-21, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> On 21/11/12 15:20, Stuart Henderson wrote:
>> On 2012-11-21, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
>>> On 19/11/12 14:47, Henning Brauer wrote:
>>>> the rule
>>>> referred to then is the default rule. but we didn't get as far as rule
>>>> matching, so that is misleading you.
>>> What do you mean by default rule?
>> PF has an implicit default rule, "pass all flags any no state".
>>
>> I would recommend that the first filter rule is either just "block"
>> or "pass" (optionally with "log" etc) so that you can be sure there's
>> a state entry for all traffic which is passed by the firewall.
>> Otherwise you can get into trouble with window scaling (which is
>> the reason pf.conf pass rules all default to "keep state" now).
>>
>
> Ok I've added a "block" as a first rule, but how would that create a state?
It doesn't create a state, my wording was careful - emphasis added: "so that you can be sure there's a state entry for all traffic _which is passed_ by the firewall." But my answer was just to your "what do you mean by default rule" question - as Henning said, "but we didn't get as far as rule matching, so that is misleading you."
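To make the recommendation in this thread concrete, here is an added pf.conf example (not from the thread participants) contrasting a ruleset that leaves some traffic to PF's implicit default rule with one that starts with an explicit catch-all. The interface name "egress" and the port numbers are constructed for illustration.

```conf
# --- Weak: no catch-all rule ---
# Anything not matched below (e.g. outbound traffic, other inbound
# ports) falls through to PF's implicit default rule,
# "pass all flags any no state", and is passed WITHOUT a state entry.
# Stateless TCP passing is what leads to window-scaling trouble.
pass in on egress proto tcp to port 22
pass in on egress proto tcp to port 443

# --- Corrected: explicit first rule, as advised in the thread ---
# "block" (or "pass") as the first rule means no packet ever reaches
# the implicit default rule. Later "pass" rules keep state by default
# in modern pf.conf, so every flow the firewall lets through has a
# state entry. "log" is optional and useful for reviewing what was
# dropped.
block log all
pass in on egress proto tcp to port 22
pass in on egress proto tcp to port 443
pass out on egress
```

To verify: `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -sr` shows the loaded rules (the first line should be your explicit block or pass), and `pfctl -ss` lists state entries so you can confirm that passed connections are now tracked.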