Date:      Tue, 1 Jul 2014 14:40:47 +0200
From:      "Spenst, Aleksej" <Aleksej.Spenst@harman.com>
To:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   "keep state" does not work
Message-ID:  <6851EFD94261DC4E81707E7F29930840B1A039E6@HIKAWSEX01.ad.harman.com>

Hi All,

I have a problem that when I use the rules with "keep state" my use case does not work.
When I use two rules "pass out" and "pass in" (instead of one "pass out" rule with keep state) then everything works.

These rules work fine:

pass out quick on wfd0 proto tcp from (self) to 172.16.222/24 port 7236
pass in quick on wfd0 proto tcp from 172.16.222/24 port 7236 to (self)

Now, instead of these two rules I write the following rule with "keep state" and it does not work:

pass out quick on wfd0 proto tcp from (self) to 172.16.222/24 port 7236 keep state

The strange thing is that in this case I don't see any blocked packets in logs! I also see that the state "self -> 172.16.222/24 port 7236" always exists.

Does anyone have experience that "keep state" does not work as expected for some reason?

Thanks a lot!
Aleksej.



