On 2007/03/19 12:09, Renaud Allard wrote: > In the changelog from 4.0 to 4.1, I read: > # In pf.conf(5), make 'flags S/SA keep state' the implicit default for > filter rules. > > Does this only apply to tcp (as suggested by the flags) or to all > protocols?
you can see for yourself with pfctl -vf /etc/pf.conf how this change affects your ruleset; 'flags s/sa keep state' is added to TCP rules, 'keep state' to others. > Also, is there a way to specify that there should be no state > kept? yes: 'flags any no state'
