Hello, (PF on OpenBSD 4.8)

I've got two small questions about the stats returned by pfctl -s info.

There are several state-mismatches. What does it mean?

  state-mismatch    79715    3.3/s

Same for the normalize counter: I don't have any scrub rule and I don't know why some packets are normalized.

  normalize    7103    0.3/s

Thanks.

To finish, at $WORK we are migrating some Cisco routers and Cisco PIX to Packet Filter on OpenBSD (4.8) and I have made two tools to help:

https://listes.cru.fr/wiki/jtacl/public/pfconverter

Be aware that there are many limitations.

The other tool, "jtacl" <https://listes.cru.fr/wiki/jtacl/>, allows checking Cisco ACLs and PF rules between two points of a network. (There are some limitations too...)

HTH.

Best regards.