On Sat, Feb 08, 2003 at 12:30:31PM -0700, Duncan Matthew Stirling wrote:
> 12:06:49.545346 rule 583/0(match): block in on xl0:
> webclient.atsomedomain.com.1252 > webserver.mydomain.com.www: FP
> 0:429(429) ack 1 win 16623 (DF)
>
> @511 pass out quick on xl0 inet proto tcp from webserver.mydomain.com
> port = https to any port > 1023 flags S/SA keep state

from zee manpage:

     flags S/SA
           Out of SYN and ACK, exactly SYN may be set.  SYN, SYN+PSH and
           SYN+RST match, but SYN+ACK, ACK and ACK+RST do not.

the fin, psh, and fin+psh packets are being blocked because they don't
match flags S/SA.

- jolan
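
The set/mask test described in the manpage excerpt above, as an added example (not part of the original message and not pf's own code). The function names are hypothetical; the flag letters follow pf.conf, and the "FPA" sample is read from the quoted log line, where tcpdump prints "FP" and a separate "ack".

```python
# Added example: evaluate a pf-style "flags <set>/<mask>" expression against
# the TCP flags of a packet. Only the bits named in <mask> are examined, and
# of those exactly the bits named in <set> must be on.

# pf.conf flag letters mapped to TCP header bits.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def parse_letters(letters):
    """Turn a string such as 'SA' into a bitmask."""
    bits = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        bits |= TCP_FLAGS[ch]
    return bits


def parse_spec(spec):
    """Split 'S/SA' into (set_bits, mask_bits). An explicit mask is required here."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected <set>/<mask>, got %r" % spec)
    return parse_letters(want), parse_letters(mask)


def matches(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies the flags expression."""
    set_bits, mask_bits = parse_spec(spec)
    return (parse_letters(packet_flags) & mask_bits) == set_bits


def evaluate(spec, samples):
    """Map each sample flag combination to whether it matches spec."""
    return {flags: matches(spec, flags) for flags in samples}


# Constructed samples: the six combinations the manpage names, the bare
# F, P and FP cases from the reply, and FPA from the quoted log line.
SAMPLES = ["S", "SP", "SR", "SA", "A", "AR", "F", "P", "FP", "FPA"]

if __name__ == "__main__":
    for flags, ok in evaluate("S/SA", SAMPLES).items():
        print("%-4s %s" % (flags, "match" if ok else "no match"))
```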
