Date: Tue, 5 Mar 2024 10:29:04 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"
Message-ID: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
In-Reply-To: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>

On 05/03/2024 09:11, Eugene M. Zheganin wrote:
> Hello,
>
> I hope the following is self-explanatory:
>
>
> pfctl -vs rules:
>
> [...]
>
> pass quick proto tcp all flags A/A no state
>   [ Evaluations: 1125881 Packets: 972814 Bytes: 421350757 States: 82 ]
>   [ Inserted: uid 0 pid 28187 State Creations: 82 ]
>
> man pf.conf:
> pass    The packet is passed; state is created unless the no state
>         option is specified.
>
>
> Why does this rule create states ? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified" ?

Also from the man page, a few lines after your citation:

By default pf(4) filters packets statefully; the first time a packet
matches a pass rule, a state entry is created; for subsequent packets
the filter checks whether the packet matches any state.

Kind regards
Miroslav Lachman
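
Added example, not part of either message: a Python check for the situation reported in this thread, reading `pfctl -vs rules` output and listing rules written with `no state` whose counters still show states. The counter layout is taken from the output quoted above; the second sample rule and all function names are constructed for illustration.

```python
import re

# Constructed sample in the `pfctl -vs rules` layout quoted in the thread.
# The first rule and its counters are the ones from the thread; the second
# rule and its numbers are made up for contrast.
SAMPLE = """\
pass quick proto tcp all flags A/A no state
  [ Evaluations: 1125881   Packets: 972814    Bytes: 421350757   States: 82    ]
  [ Inserted: uid 0 pid 28187 State Creations: 82    ]
pass in proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 500       Packets: 40        Bytes: 3200        States: 2     ]
  [ Inserted: uid 0 pid 28187 State Creations: 7     ]
"""

COUNTER = re.compile(r"(Evaluations|Packets|Bytes|States|State Creations):\s*(\d+)")
NO_STATE = re.compile(r"\bno state\b")


def parse_rules(text):
    """Pair each rule line with the bracketed counter lines that follow it."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            if rules:  # counter lines seen before any rule line are ignored
                rules[-1]["counters"].update(
                    (name, int(value)) for name, value in COUNTER.findall(line))
        else:
            rules.append({"rule": line, "counters": {}})
    return rules


def no_state_rules_with_states(rules):
    """Rules written with `no state` whose counters still report states."""
    return [r for r in rules
            if NO_STATE.search(r["rule"])
            and (r["counters"].get("States", 0) > 0
                 or r["counters"].get("State Creations", 0) > 0)]


if __name__ == "__main__":
    for r in no_state_rules_with_states(parse_rules(SAMPLE)):
        c = r["counters"]
        print(f"{r['rule']!r}: States={c.get('States', 0)} "
              f"State Creations={c.get('State Creations', 0)}")
```

On a live host, pass the text of `pfctl -vs rules` to `parse_rules` in place of `SAMPLE`.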