Hi,

I'm replacing an OpenBSD 2.8 firewall running IPF with an OpenBSD 3.4
firewall running PF.

It seems that the "keep state" rule functions differently between these two.

In IPF, a rule like:

pass in quick on rl0 from any to any port 25 keep state

seems to implicitly allow the packets out on another interface (rl1).

whereas in PF to get the same behaviour I seem to need:

pass in quick on rl0 from any to any port 25 keep state
pass out quick on rl1 from any to any port 25 keep state

Is this expected behaviour?


thanks,


Craig Bennett
