From owner-freebsd-net@FreeBSD.ORG  Thu Nov  8 20:01:26 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 241F616A418
	for <net@freebsd.org>; Thu,  8 Nov 2007 20:01:26 +0000 (UTC)
	(envelope-from robert@blacquiere.nl)
Received: from smtp-vbr10.xs4all.nl (smtp-vbr10.xs4all.nl [194.109.24.30])
	by mx1.freebsd.org (Postfix) with ESMTP id B0DBE13C4C1
	for <net@freebsd.org>; Thu,  8 Nov 2007 20:01:25 +0000 (UTC)
	(envelope-from robert@blacquiere.nl)
Received: from guldan-dsl.demon.nl (guldan-dsl.demon.nl [83.160.7.100])
	by smtp-vbr10.xs4all.nl (8.13.8/8.13.8) with ESMTP id lA8JoJeM008182;
	Thu, 8 Nov 2007 20:50:19 +0100 (CET)
	(envelope-from robert@blacquiere.nl)
Received: from shellvm.blacquiere.nl ([192.168.201.5] helo=shell.blacquiere.nl)
	by guldan-dsl.demon.nl with esmtp (Exim 4.66 (FreeBSD))
	(envelope-from <robert@blacquiere.nl>)
	id 1IqDOH-000JKO-M2; Thu, 08 Nov 2007 20:50:18 +0100
Date: Thu, 8 Nov 2007 20:50:13 +0100
From: Robert Blacquiere <freebsd-net@blacquiere.nl>
To: Dag-Erling Sm??rgrav <des@des.no>
Message-ID: <20071108195013.GD5029@shellvm.blacquiere.nl>
References: <86zlxoblmj.fsf@ds4.des.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <86zlxoblmj.fsf@ds4.des.no>
User-Agent: Mutt/1.4.2.2i
X-Disclaimer: running FreeBSD
X-SA-Exim-Connect-IP: 192.168.201.5
X-SA-Exim-Mail-From: robert@blacquiere.nl
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on mailvm.blacquiere.nl
X-Spam-Level: 
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
	autolearn=ham version=3.1.8
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on guldan-dsl.demon.nl)
X-Virus-Scanned: by XS4ALL Virus Scanner
Cc: net@freebsd.org
Subject: Re: pf misfeature
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2007 20:01:26 -0000

On Thu, Nov 08, 2007 at 08:08:52PM +0100, Dag-Erling Sm??rgrav wrote:
> Given appropriate definitions for $eth and $lan, you'd expect the
> following rule to simply pass all traffic originating from and destined
> for the LAN:
> 
>   pass on $eth from $lan to $lan
> 
> However, in pf, "keep state" is *implicit* (why?), so you'd expect it to
> turn into something like this:

I think this was turned on in the OpenBSD as of 4.0 i think. Default
keep state. 

To negate this behavour in OpenBSD pf you can add no state 

:

pass on $eth from $lan to $lan no state 


I'me not sure if this also works on FreeBSD  

Regards

-- 
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?
OpenBSD: Hey guys you left some holes out there!