pass in quick on $EXTIF inet proto tcp from any to 192.178.78.6 port www flags S/SA modulate state
I think scrub is used on the ext interface
Check to see whether you use scrub or not; that would answer your
question below.
So now to my question: are the above denied connections correct or should
they be allowed to the www server, e.g. using S/SAFR in the pass rule?
While this is practical and safe, it is also unnecessary to check the
FIN and RST flags if traffic is also being scrubbed. From FAQ.
Daniel
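
Added example, not part of the original message and not pf source code: a small Python model of pf's `flags <check>/<mask>` test, showing which TCP flag combinations `S/SA` and `S/SAFR` treat differently. The function names and the sample flag combinations are constructed for illustration.

```python
# Models only the "flags <check>/<mask>" comparison of a pf rule:
# a packet matches when (packet_flags & mask) == check.
# Flag letters follow pf.conf: F S R P A U E W.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def to_bits(letters):
    """Convert flag letters such as 'SA' to a TCP flag bitmask."""
    bits = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits


def parse_spec(spec):
    """Split a spec such as 'S/SA' into (check_bits, mask_bits)."""
    check, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected <check>/<mask>, got {spec!r}")
    check_bits, mask_bits = to_bits(check), to_bits(mask)
    if check_bits & ~mask_bits:
        # A check flag outside the mask can never compare equal.
        raise ValueError(f"{spec!r} can never match")
    return check_bits, mask_bits


def matches(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies the flags spec."""
    check_bits, mask_bits = parse_spec(spec)
    return (to_bits(packet_flags) & mask_bits) == check_bits


def differing(spec_a, spec_b, packets):
    """Flag combinations on which the two specs disagree."""
    return [p for p in packets if matches(spec_a, p) != matches(spec_b, p)]


# Constructed flag combinations, not taken from any capture.
SAMPLE = ["S", "SA", "A", "SF", "SR", "SFR", "SP", "FA", "R"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p:4} S/SA={matches('S/SA', p)!s:5} "
              f"S/SAFR={matches('S/SAFR', p)}")
    print("differ:", differing("S/SA", "S/SAFR", SAMPLE))
```

The two specs disagree only on packets that carry FIN or RST together with SYN, which are the combinations the FAQ sentence above says need no extra check when traffic is scrubbed.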