Jan Stary [[email protected]] wrote:
> The "Passing Traffic" example at
> http://www.openbsd.org/faq/pf/filter.html
> doesn't seem to be completely accurate.
>
> # Pass traffic in on dc0 from the local network, 192.168.0.0/24,
> # to the OpenBSD machine's IP address 192.168.0.1. Also, pass the
> # return traffic out on dc0.
> pass in on dc0 from 192.168.0.0/24 to 192.168.0.1
> pass out on dc0 from 192.168.0.1 to 192.168.0.0/24
>
> It's the "return" that bugs me: the first rule alone
> makes the _return_ traffic be passed. The second
> rule allows traffic that originates (creates state)
> on the way out. Right?

Yeah, that sounds right. When the example was written, "keep state flags S/SA" was not a default setting; now it is.
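
The point made in this exchange, written out as a pf.conf fragment. This is an added example, not part of the original messages or the FAQ; the `block all` default-deny line and the commented-out stateless variant are assumptions added for contrast.

```conf
# Assumed default-deny baseline so that the pass rules below are the
# only way traffic gets through (not part of the quoted FAQ snippet).
block all

# Rule 1: connections initiated by LAN hosts to the firewall itself.
# With current defaults this is treated as if it were written:
#   pass in on dc0 from 192.168.0.0/24 to 192.168.0.1 flags S/SA keep state
# The first packet creates a state entry, and the replies leaving on dc0
# match that state, so no separate "return traffic" rule is needed.
pass in on dc0 from 192.168.0.0/24 to 192.168.0.1

# Rule 2: connections initiated by the firewall towards LAN hosts.
# This is new outbound traffic that creates its own state; it is not
# the return path for rule 1.
pass out on dc0 from 192.168.0.1 to 192.168.0.0/24

# Stateless variant for contrast (left commented out). Only when state
# tracking is turned off does a pass out rule have to carry the replies
# to rule 1. "flags any" is required so TCP packets other than the
# initial SYN can match.
#
# pass in  on dc0 proto tcp from 192.168.0.0/24 to 192.168.0.1 \
#     flags any no state
# pass out on dc0 proto tcp from 192.168.0.1 to 192.168.0.0/24 \
#     flags any no state
```

`pfctl -nf` on the file checks the syntax without loading it, and `pfctl -ss` after a LAN host connects shows the state entry that rule 1 created.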

