Ingo et all, I suspect "modulate state" may be the culprit. Here is what the manual says:
modulate state - works only with TCP. PF will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule. So we have 2 machines generating ISNs for the same connection. Could this be the problem? Yudhvir === On Sun, May 17, 2009 at 6:13 PM, mehma sarja <mehmasa...@gmail.com> wrote: > Ingo and the rest of OpenBSD pf-ers, > Thanks Ingo for your thoughts. Let me ask a simpler question, is there > something wrong with the following line on a FreeBSD 7.2 pf? > > pass in log quick on em0 inet proto tcp from any to 121.209.23.121 port = > imaps flags S/SA modulate state > > Yudhvir
