Date: Tue, 5 Mar 2024 12:55:42 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"
Message-ID: <b527b7c9-e68e-49ba-ae54-538eea2fa010@quip.cz>
In-Reply-To: <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in> <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz> <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>

On 05/03/2024 11:30, Eugene M. Zheganin wrote:
> Hello,
>
> On 05.03.2024 14:29, Miroslav Lachman wrote:
>>
>>> Why does this rule create states? Am I misreading/misunderstanding
>>> the part "state is created unless the no state option is specified"?
>>
>> Also from the man page, a few lines after your citation:
>>
>> By default pf(4) filters packets statefully; the first time a packet
>> matches a pass rule, a state entry is created; for subsequent packets
>> the filter checks whether the packet matches any state.
>>
> I'm failing to see how this can explain state creation by a rule that
> clearly shouldn't create any states at all. Furthermore, states are
> (usually) created by a packet with SYN flag, in case of TCP.

I am sorry, you are right. I missed the part of your message with 82
states. I have no explanation for that.

Kind regards
Miroslav Lachman