Date: Thu, 8 Nov 2007 20:50:13 +0100
From: Robert Blacquiere <freebsd-net@blacquiere.nl>
To: Dag-Erling Smørgrav <des@des.no>
Cc: net@freebsd.org
Subject: Re: pf misfeature
Message-ID: <20071108195013.GD5029@shellvm.blacquiere.nl>
In-Reply-To: <86zlxoblmj.fsf@ds4.des.no>
References: <86zlxoblmj.fsf@ds4.des.no>

On Thu, Nov 08, 2007 at 08:08:52PM +0100, Dag-Erling Smørgrav wrote:
> Given appropriate definitions for $eth and $lan, you'd expect the
> following rule to simply pass all traffic originating from and destined
> for the LAN:
>
>   pass on $eth from $lan to $lan
>
> However, in pf, "keep state" is *implicit* (why?), so you'd expect it to
> turn into something like this:

I think this was turned on in OpenBSD as of 4.0, I think. Default keep state.
To negate this behaviour in OpenBSD pf you can add no state:

pass on $eth from $lan to $lan no state

I'm not sure if this also works on FreeBSD.

Regards

--
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?
OpenBSD: Hey guys you left some holes out there!