From owner-freebsd-pf@FreeBSD.ORG  Tue Aug 20 17:05:07 2013
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id C47B22B2
 for <freebsd-pf@freebsd.org>; Tue, 20 Aug 2013 17:05:07 +0000 (UTC)
 (envelope-from list_freebsd@bluerosetech.com)
Received: from rush.bluerosetech.com (rush.bluerosetech.com
 [IPv6:2607:fc50:1000:9b00::25])
 (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9B1292DB2
 for <freebsd-pf@freebsd.org>; Tue, 20 Aug 2013 17:05:07 +0000 (UTC)
Received: from chombo.houseloki.net (c-76-27-220-79.hsd1.wa.comcast.net
 [76.27.220.79])
 by rush.bluerosetech.com (Postfix) with ESMTPSA id B412611434;
 Tue, 20 Aug 2013 10:05:05 -0700 (PDT)
Received: from [192.168.1.102] (static-71-242-248-73.phlapa.east.verizon.net
 [71.242.248.73])
 by chombo.houseloki.net (Postfix) with ESMTPSA id 7D07C8E8;
 Tue, 20 Aug 2013 10:04:03 -0700 (PDT)
Message-ID: <5213A17D.7030104@bluerosetech.com>
Date: Tue, 20 Aug 2013 13:03:57 -0400
From: Darren Pilgrim <list_freebsd@bluerosetech.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1;
 rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Alexander <axex007@yandex.ru>
Subject: Re: Windows 7 + freebsd-pf + windows scale SYN-ACK problem
References: <520E1822.7010505@yandex.ru>
 <20130816125058.GA28156@insomnia.benzedrine.cx> <520E35B3.4080607@yandex.ru>
 <20130816171227.GB28156@insomnia.benzedrine.cx> <5211E1A7.7070804@yandex.ru>
In-Reply-To: <5211E1A7.7070804@yandex.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2013 17:05:07 -0000

On 8/19/2013 5:13 AM, Alexander wrote:
> i have 'pass on bridge0 all flags S/SA keep state rule on bridge'

That still filters on the bridge interface.  Worse, it doesn't allow 
everything.  You need to set skip on bridge0 to completely disable pf on 
that interface.