Igor Podlesny wrote:
> [...]
> > But then, what is the real difference between if-bound and global?
>
> it's not global but rather "floating". man pf.conf says:
>
> "... floating States can match packets on any interfaces (the default). ..."

Of course I meant "floating", it's in the Subject line.

>
> IOW, floating state doesn't care which interface gets reply traffic,
> meanwhile if-bound does.

Is there yet another policy which doesn't care what direction the stateful traffic goes? The state table should work before the rules anyway. The documentation you gave at https://docs.oracle.com/cd/E37838_01/html/E60993/pfovw-rls.html#NWSECpfovw-passin mentions some "sloppy" option for the kept state, is it not what I'm looking for?

> This adds something like urpf-failed protection to the state table.

And a bit of confusion too.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
