Hello, There is something that I don’t really understand about pf keep state : - documentation says : All pass rules automatically create a state entry when a packet matches the rule. This can be explicitly disabled by using the no state option.
But… I find a lot of example on the web that add the keep state on tcp pass rules, and what is worse, I have to work on a production firewall that has such rules, so I can’t test. So my question is - is there any reason to add keep state to a pass rule ? Thanks. f.g.
