When there is no flag mask given, it is assumed you wish to match against all of the protocol bits that influence state, and that is the set to the right of the '/'.
Allan Reed wrote: > Thanks Darren. I gave that a shot and no go. When I do an ipfstat -io I get: > > flags S/FSRPAU > > I read (somewhere) that that this is the most restrictive. Not sure > if that is correct, but i was curious where all the extra flags came > from (I am assuming default). Can you point me to a document that > helps explain this? > > On Thu, Oct 2, 2008 at 12:55 AM, Darren Reed <[email protected]> wrote: > For all of your "pass .. proto tcp ... keep state" rules, > add in "flags S" in the correct location and see if that helps. > > Darren >> >>
