From owner-freebsd-pf@FreeBSD.ORG Wed Oct 24 05:58:03 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 913F016A417 for ; Wed, 24 Oct 2007 05:58:03 +0000 (UTC) (envelope-from sugarfreemonkey@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.181]) by mx1.freebsd.org (Postfix) with ESMTP id 76FD913C4A3 for ; Wed, 24 Oct 2007 05:58:03 +0000 (UTC) (envelope-from sugarfreemonkey@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so118621waf for ; Tue, 23 Oct 2007 22:57:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=p4GMwiTiH+nY2EV+6REX4XQzlEqblyz7wviaKCieEqc=; b=Jo1vDngFxtOtLIHRhqqowoBIPwejIY4TTKZPvzpvnY4UuaekaJtJpYUX0X7Xq3HbsvrGxVewICD0sNC44FsB+qtMaZry3tDomMXn6/pfp7CtagNw2rG6rsR5lra426CJp4ivKC4eNXMApz6C3tboPDFf90fTMRQ0LBlrcmEX0Os= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=KYCIYqJyXC2oJEHp4HfPHw8OePKFNZfc9f8MvcFE0633B4I6aYeXlUs9B00xrG4EQTN2rj1uldL7hT2VuenPaHJ2NkZ6mGQEX/EZ59KgKCSeS79KsK7iie2AAHggbCDqKZXklsGlLEj9KGnKrm9vfixjLWTjI4EFt8NQeo18v18= Received: by 10.114.183.1 with SMTP id g1mr268840waf.1193205055994; Tue, 23 Oct 2007 22:50:55 -0700 (PDT) Received: by 10.115.16.3 with HTTP; Tue, 23 Oct 2007 22:50:55 -0700 (PDT) Message-ID: <1fc8a2a60710232250i5954c8c3tc501ed4ec71dac80@mail.gmail.com> Date: Wed, 24 Oct 2007 13:50:55 +0800 From: "Nex Mon" To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: disabling implicit creation of state for NAT, BINAT and RDR X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Oct 2007 05:58:03 -0000 hello, is there a way to disable implicit creation of states for NAT, BINAT and RDR rules? the man page of pf.conf says this: Note: nat, binat and rdr rules implicitly create state for connections. i've looked at the PF implemenation in openbsd and checked the online documentation in http://www.openbsd.org/faq/pf. i found out that you can specify "no state" to prevent the rule from creating a state. http://www.openbsd.org/faq/pf/filter.html#state can someone tell if this is supported in freebsd or not? thanks a lot, nex