> pass out on gif0 inet6 proto tcp from any to any port 6600:7000 keep state (max-src-conn 0, overload <ip6_auth>)
>
> Looks good, but does not work. PF complains: "'max-src-conn' must be > 0".
> With "max-src-conn 1" the IP address only gets added to the table with
> the second connection, which doesn't help me in my case. I'd need to
> have the address in the table as soon as the first connection is
> built up.

An additional (and maybe better) question is: Why is "max-src-conn 0"
not allowed? As far as I can see, a value of zero for max-src-conn
would solve my problem. Most probably there is a good reason for this
limit, but which reason is it? It's probably not a good idea to remove
this limit without understanding why it's there...

Thank you for any help with this!

Tas.
