Stuart Henderson writes:
> "synproxy state" cannot work on outbound (for more details see
> https://marc.info/?l=openbsd-tech&m=160686649524095&w=2).
>
> Because pfctl is doing something other than what you asked it to do,
> IMO the warning makes sense.
>
> Alternatively it could be classed as an error but that won't be very
> fun for people upgrading.

I get that it doesn't work for 'out'. The point I was trying to make, but didn't explain clearly, is that the implicit 'in' matches the documented behaviour in the man page, and therefore shouldn't lead to a warning message. After reading the manpage, I think anyone would understand that that is the case. In the case of 'pass out' where the rule clearly won't apply to any inbound traffic, the warning is completely justified.

--lyndon