On Fri, Mar 14, 2003 at 09:04:51AM -0500, ben fleis wrote: > i hope this is the right forum for asking this question... i imagine it will > have a simple answer :)
simple answer : no need to keep state on lo :) simple facts: - these packets are filtered on lo0 twice, one inbound and one outbound - you have 'pass out on lo0 keep state' kind of rule thus the DNS request and reply create distinct 'outbound' states. - for fun and symmetry, add a 'pass in on lo0 keep state' (see simple answer) Can
