Ah, this must be the case. Thanks. On Mon, Jul 29, 2002 at 08:45:13AM +0200, Daniel Hartmeier wrote: > On Sun, Jul 28, 2002 at 10:49:44PM -0700, mike schiffman wrote: > > > pass out proto tcp from any to any flags S/SA keep state > > Try > > pass out from any to any allow-opts > > instead. pf, by default, blocks packets with IP options. If you want to > pass them, use the 'allow-opts' rule parameter. > > Also, if you pass TCP packets statefully (with 'keep state'), pf will > use the TCP flags to track the connection, and automatically drop > certain combinations or sequences. If you don't want that, don't use > 'keep state', but pass those packets statelessly. > > Daniel
-- Network packets at bargin basement rates -- ask me how.
