On Wed, Jan 17, 2007 at 02:29:13PM +0100, Samuel Mo?ux wrote: > every state is a [src, dst, direction] tuple > which lets pass [src -> dst, direction ] and [dst -> src, > not(direction)], but not [ src-> dst, not(direction) ] packets.
Very clear - I think that description should go into pf.conf(5) Also, I guess that if you use 'keep state if-bound', the interface is also included in the tuple.
