On Fri, Aug 30, 2002 at 08:55:41AM -0400, Amir Seyavash Mesry wrote:

> Ok so a keep state statement such as
> "Pass out all keep state"
> would be the same as
> "Permit any, any established"
> on a cisco router?
> Anyone???

I'm not familiar with Cisco rule sets, so please explain what the latter rule does, exactly.

The rule 'pass out all keep state' in pf will let all outgoing packets pass and keeps track of the connections, so incoming packets (replies) of those connections are passed automatically as well. Together with a rule that blocks all incoming packets by default, this rule set would allow only outgoing connections (but pass replies related to them back in) and block incoming connections.

Daniel
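
The behaviour described in the reply above, as an added example that is not part of the original message and is not pf code: a simplified Python model of a default-block-in rule set with `pass out all keep state`, next to a stateless check modelled on the Cisco IOS `established` keyword, which matches TCP segments with ACK or RST set. The class and function names and the sample addresses are constructed for illustration, and the model leaves out what a real state table also tracks, such as timeouts.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str      # "out" or "in", as seen on the external interface
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags as letters, e.g. "S", "SA", "A", "R"

class KeepStateFilter:
    """Hypothetical model of: block in all / pass out all keep state."""

    def __init__(self):
        self.states = set()   # one entry per connection seen going out

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            # Outgoing traffic always passes and creates (or refreshes) state.
            self.states.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "pass"
        # Incoming traffic passes only as the reverse of a tracked connection.
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "pass" if reverse in self.states else "block"

def established_acl(p: Packet) -> str:
    """Stateless model of an inbound 'established' match: TCP with ACK or RST."""
    if p.direction == "out":
        return "pass"
    if p.proto == "tcp" and ("A" in p.flags or "R" in p.flags):
        return "pass"
    return "block"

if __name__ == "__main__":
    fw = KeepStateFilter()
    # Constructed sample packets (documentation address ranges).
    samples = [
        Packet("out", "tcp", "192.0.2.10", 40000, "198.51.100.5", 80, "S"),
        Packet("in", "tcp", "198.51.100.5", 80, "192.0.2.10", 40000, "SA"),
        Packet("in", "tcp", "198.51.100.9", 80, "192.0.2.10", 40001, "A"),
        Packet("out", "udp", "192.0.2.10", 5353, "198.51.100.53", 53),
        Packet("in", "udp", "198.51.100.53", 53, "192.0.2.10", 5353),
    ]
    for p in samples:
        print(p.direction, p.proto, p.flags or "-", fw.decide(p), established_acl(p))
```

The two models agree on the first two packets and differ on the third (an inbound segment with ACK set that belongs to no tracked connection) and on the fifth (a UDP reply, which has no flags for a stateless match to test).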
