Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 18 May 2008 08:19:19 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        =?ISO-8859-1?Q?Johan_Str=F6m?= <johan@stromnet.se>
Cc:        Alex Trull <alex@trull.org>, freebsd-pf@freebsd.org, freebsd-stable <freebsd-stable@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: connect(): Operation not permitted
Message-ID:  <482FD877.6050707@infracaninophile.co.uk>
In-Reply-To: <679DB462-75D6-45CC-949C-1BE8E12C22CD@stromnet.se>
References:  <678A03F5-5E8A-4CF6-90DF-AA9A4F30FBE1@stromnet.se>	<1211037564.6326.27.camel@porksoda> <679DB462-75D6-45CC-949C-1BE8E12C22CD@stromnet.se>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig220B22B21812B7D67D58F6E8
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Johan Str=F6m wrote:

> drop all traffic)? A check with pfctl -vsr reveals that the actual rule=
=20
> inserted is "pass on lo0 inet from 123.123.123.123 to 123.123.123.123=20
> flags S/SA keep state". Where did that "keep state" come from?

'flags S/SA keep state' is the default now for tcp filter rules -- that
was new in 7.0 reflecting the upstream changes made between the 4.0 and 4=
=2E1
releases of OpenBSD.  If you want a stateless rule, append 'no state'.

http://www.openbsd.org/faq/pf/filter.html#state

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enig220B22B21812B7D67D58F6E8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkgv2HwACgkQ8Mjk52CukIwjCwCfa/ntbIVtKQwooaR/j8aLxKPF
ukEAni24eJYNJRCwOLZUQFCd2A1kf+tO
=2vt+
-----END PGP SIGNATURE-----

--------------enig220B22B21812B7D67D58F6E8--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?482FD877.6050707>