On Wed, Sep 03, 2008 at 05:32:25PM +0300, Artis Caune wrote: > >>>> I did test the folowing ruleset: > >>>> pass in quick on ep0 inet from 1.2.3.1 to 10.0.0.2 keep state > >>>> block drop out log quick on ep0 all > >>>> pass out quick on bge0 inet proto tcp from 1.2.3.1 to 10.0.0.2 > > maybe "set skip on ep0" ? >
Nope. There will be outgoing keep state rules on ep0. But not fro connections which are already in the state table. besides the skip would roll out all incoming rules as well. -Guido _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
