Mindaugas Rasiukevicius <[email protected]> writes: > I agree that this is not really intuitive and the documentation did > not clarify this either.
Yes, the documentation should be changed to state that when you explicitly specify tcp and stateful, you get the s/safr set. Most importantly, the examples (npf.conf(5) and /usr/share/examples/npf) should be corrected so they show the safest way to set things up. I must say, NPF is a joy to use. Even more sysadmin-friendly than PF. -tih -- I like long walks, especially when they are taken by people who annoy me.
