> > > and few new install Mandriva2007 (linux kernel) that > > > couldn not browse the web (the other protocol work OK) > > > if the rules keep state in PF machine is activated. > > > > use 'flags S/SA keep state' > > > thanks for nice replay.. but it still doesnt work. > I believe that problem in mandriva2007 hosts rather > than PF.
Send a tcpdump of a failing connection, from start to finish (i.e. include the SYN packet).
