On Mon, Feb 09, 2004 at 03:29:43AM -0500, Hsiao-lung Chang wrote: > What I'm curious about is if keep state can still be used on a rule with a > table? > If the rule is not hit due to keep state, would the table counters still be > accurate?
Yes. All packet/byte counters in pf (table, rule, anchor, interface, src-node) take 'keep state' into account, even though the packet bypasses the ruleset matching after the first match.
