Date: Wed, 2 Apr 2008 21:20:26 -0700
From: Jeremy Chadwick <koitsu@freebsd.org>
To: Kian Mohageri <kian.mohageri@gmail.com>
Cc: Diego Salvador <salvador_d13@yahoo.com.ph>, fox@verio.net, freebsd-pf@freebsd.org
Subject: Re: PF and State Table
Message-ID: <20080403042026.GA88726@eos.sc1.parodius.com>
In-Reply-To: <fee88ee40804022117w6d13d002t2d4d75969517c285@mail.gmail.com>
References: <684548.87924.qm@web57414.mail.re1.yahoo.com> <C65291A68BAF57499B18564A1EE4A7612ECBF8@UXCHANGE1.UoA.auckland.ac.nz> <fee88ee40804022117w6d13d002t2d4d75969517c285@mail.gmail.com>

On Wed, Apr 02, 2008 at 09:17:07PM -0700, Kian Mohageri wrote:
> On Wed, Apr 2, 2008 at 1:33 PM, Mark Pagulayan
> <m.pagulayan@auckland.ac.nz> wrote:
> > Hi,
> >
> > What pf version are you using? Correct me if I am wrong guys, on PF4.1
> > which is the release version of pf on freebsd 7.0 when you specify keep
> > state the flag S/A is implied?
> >
>
> Correct, and if you leave out 'keep state' entirely, it will apply
> 'flags S/SA keep state'
>
> e.g.,
>
> kian@alvis:~ >
> cat pf.conf
> pass on em0
>
> kian@alvis:~ >
> pfctl -vnf pf.conf
> pass on em0 all flags S/SA keep state

I'd like to know what exactly happens to UDP and ICMP packets when
hitting that rule, since UDP and ICMP don't have such flags. The
documentation doesn't really discuss what happens in this case.

This is why I solicit having 3 separate rules for each protocol (TCP =
flags S/SA keep state, UDP = keep state, ICMP = keep state).

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
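
A small ruleset audit in the spirit of the per-protocol split suggested above, as an added example that is not part of the original message: it reads expanded rules in the form printed by `pfctl -vnf` and reports pass rules that carry a TCP flags match without being restricted to `proto tcp`. The function names and every sample rule except the first are constructed for illustration.

```python
import re

# Constructed sample in the style of `pfctl -vnf` output. Only the first
# rule appears in the thread; the others are made up for this example.
SAMPLE = """\
pass on em0 all flags S/SA keep state
pass in on em0 proto tcp from any to any port = 22 flags S/SA keep state
pass in on em0 proto udp from any to any port = 53 keep state
pass in on em0 proto icmp all keep state
block drop in on em0 all
"""

PROTO_RE = re.compile(r"\bproto (\S+)")
FLAGS_RE = re.compile(r"\bflags (\S+)")
STATE_RE = re.compile(r"\b(?:keep|modulate|synproxy) state\b")


def parse_rule(line):
    """Pull action, protocol, TCP flags match and statefulness from one rule."""
    proto = PROTO_RE.search(line)
    flags = FLAGS_RE.search(line)
    return {
        "action": line.split()[0],
        # No "proto" keyword means the rule matches every protocol.
        "proto": proto.group(1) if proto else "any",
        # "flags any" disables the flags check, so treat it as no match.
        "flags": flags.group(1) if flags and flags.group(1) != "any" else None,
        "stateful": bool(STATE_RE.search(line)),
    }


def audit(text):
    """Return (line_number, rule) for pass rules with flags but no 'proto tcp'."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(("pass", "block")):
            continue  # skip blanks, comments and anything that is not a filter rule
        rule = parse_rule(line)
        if rule["action"] == "pass" and rule["flags"] and rule["proto"] != "tcp":
            hits.append((n, line))
    return hits


if __name__ == "__main__":
    for n, line in audit(SAMPLE):
        print(f"rule {n}: flags match without 'proto tcp': {line}")
```

Each reported rule is a candidate for being rewritten as separate TCP, UDP and ICMP rules so that the flags match only appears where it has a defined meaning.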