From owner-freebsd-pf@FreeBSD.ORG  Tue Jun 27 13:29:27 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 40EDF16A404
	for <freebsd-pf@freebsd.org>; Tue, 27 Jun 2006 13:29:27 +0000 (UTC)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A20143D76
	for <freebsd-pf@freebsd.org>; Tue, 27 Jun 2006 13:29:26 +0000 (GMT)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1])
	by insomnia.benzedrine.cx (8.13.4/8.13.4) with ESMTP id k5RDTOSW031882
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Tue, 27 Jun 2006 15:29:24 +0200 (MEST)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.13.4/8.12.10/Submit) id k5RDTNh5019529;
	Tue, 27 Jun 2006 15:29:23 +0200 (MEST)
Date: Tue, 27 Jun 2006 15:29:23 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: "N. Ersen SISECI" <siseci@gmail.com>
Message-ID: <20060627132923.GE14502@insomnia.benzedrine.cx>
References: <44A10A44.1070602@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44A10A44.1070602@gmail.com>
User-Agent: Mutt/1.5.10i
Cc: freebsd-pf@freebsd.org
Subject: Re: Keep State is not working on 6.1-RELAESE-p1
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jun 2006 13:29:27 -0000

On Tue, Jun 27, 2006 at 01:36:52PM +0300, N. Ersen SISECI wrote:

> My first rule is pass in all with keep state. But the packets do not
> seem to be able pass out from the other interface. If i change the last
> block's to "pass" everything works fine. It seems that the state table
> is always on if-bound'ed???
> 
> Is there a solution for this problem, or do I miss a configuration with
> kernel, pf, pf.conf etc... ??? or is this a bug :)

Neither, your interpretation of 'floating' does not match reality, see

  http://marc.theaimsgroup.com/?l=openbsd-pf&m=114372425614238&w=2

In short, create two state entries per connection.

Daniel