From owner-freebsd-pf@FreeBSD.ORG Tue Jul 11 10:39:35 2006
From: "Greg Hennessy"
To: "'Ronnel P. Maglasang'"
Cc: freebsd-pf@freebsd.org
Date: Tue, 11 Jul 2006 11:39:27 +0100
Subject: RE: PF firewall rules

> is it safe to say to just remove the "keep state" behavior
> for udp and other connectionless packets?

No. Anything but.

If you don't keep state, you would have to specifically code wide open
ingress packet filtering rules for reply traffic.

Greg
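
Added example, not part of Greg's message or the thread: a pf.conf sketch of the trade-off described above, for a host that only needs outbound DNS over UDP. The interface name em0 and the DNS-only policy are assumptions; the explicit "no state" keyword applies to pf versions that keep state by default (on 2006-era pf, leaving out "keep state" had the same effect).

```pf
# Assumed external interface; adjust to the local system.
ext_if = "em0"

# Default deny in both directions.
block all

# --- Variant A: stateless (weak), left commented out -------------------
# The outbound query is allowed, but pf remembers nothing about it, so
# the reply needs its own inbound rule. That rule can only match on
# header fields the remote side controls: any host sending UDP with
# source port 53 reaches every UDP service listening above port 1023.
#
# pass out on $ext_if inet proto udp from ($ext_if) to any port 53 no state
# pass in  on $ext_if inet proto udp from any port 53 \
#         to ($ext_if) port > 1023 no state

# --- Variant B: stateful (what the reply recommends) -------------------
# One outbound rule. pf creates a state entry keyed on both address/port
# pairs, and only a packet that mirrors that exact tuple is accepted
# inbound, until the UDP state times out. No inbound pass rule exists,
# so unsolicited UDP still hits "block all".
pass out on $ext_if inet proto udp from ($ext_if) to any port 53 keep state
```

The ruleset can be syntax-checked without loading it using pfctl -nf on the file, and pfctl -ss lists the UDP state entries created by Variant B while a lookup is in flight.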