Date:      Tue, 5 Mar 2024 15:30:19 +0500
From:      "Eugene M. Zheganin" <eugene@zhegan.in>
To:        Miroslav Lachman <000.fbsd@quip.cz>, freebsd-pf@freebsd.org
Subject:   Re: dumb question about "no state"
Message-ID:  <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
In-Reply-To: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
References:  <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in> <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>

Hello,

On 05.03.2024 14:29, Miroslav Lachman wrote:
>
>> Why does this rule create states? Am I misreading/misunderstanding
>> the part "state is created unless the no state option is specified"?
>
> Also from the man page, a few lines after your citation:
>
> By default pf(4) filters packets statefully; the first time a packet 
> matches a pass rule, a state entry is created; for subsequent packets 
> the filter checks whether the packet matches any state.
>
I'm failing to see how this can explain state creation by a rule that
clearly shouldn't create any states at all. Furthermore, states are
(usually) created by a packet with the SYN flag, in the case of TCP.


Eugene.



