Igor Podlesny wrote: > [...] > > What am I missing? > > You're missing correct understanding of how states are handled in Pf.
Obviously. Therefore I came here for enlightenment. > > https://docs.oracle.com/cd/E37838_01/html/E60993/pfovw-rls.html#NWSECpfovw-passin A good explanation, thank you for the link. It's a pity this explanation is not in the pf documentation (or is it?). However, the link above does not cover the difference between if-bound and global state policies. And from man pf.conf I made the conclusion (mistakenly) that with state-policy=floating, pf states would work like those in ipf/ipfw. Where is floating vs if-bound explained at length? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
