Ed White wrote:
This is a message from an interesting thread on [EMAIL PROTECTED]
http://marc.theaimsgroup.com/?l=openbsd-misc&m=109422765506037&w=2
In short the question is:
Why doesn't PF kill all the states associated with the table entries when you flush a table?
Why?
Because states have always survived rules. You can remove all your rules, your states will stay there. That is what people expect, and there is no reason to change that default behaviour.

But since table statistics already record the fact that a state exists for an address that is no longer there (XPASS), optionally blocking such packets or removing the state could be done easily. Don't know if that's a good idea.

Cedric
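Since a table flush leaves existing states in place, as the reply above explains, an administrator who wants flushed addresses cut off immediately has to kill their states explicitly. The following is an added example, not part of the original thread: the function name `flush_table_and_states` and the `PFCTL` override are hypothetical, and it assumes IPv4 entries and a `pfctl` whose `-k` option accepts the network entries a table may contain.

```shell
#!/bin/sh
# Flush a PF table and also kill the states its addresses had created.
# PFCTL can be overridden for a dry run; it defaults to the real pfctl.
PFCTL=${PFCTL:-pfctl}

flush_table_and_states() {
    table=$1

    # Snapshot the entries first: after the flush they can no longer be listed.
    entries=$($PFCTL -t "$table" -T show) || return 1

    # Empty the table. New connections stop matching it from here on,
    # but states created earlier keep passing packets.
    $PFCTL -t "$table" -T flush >&2 || return 1

    killed=0
    for addr in $entries; do
        case $addr in
            '!'*) continue ;;   # negated entry: excluded from the table match, skip
        esac
        # States where the address is the source ...
        $PFCTL -k "$addr" >&2
        # ... and states where it is the destination (IPv4 only, assumption).
        $PFCTL -k 0.0.0.0/0 -k "$addr" >&2
        killed=$((killed + 1))
    done

    # Report how many table entries had their states killed.
    echo "$killed"
}

# Usage (as root), with a hypothetical table name:
#   flush_table_and_states spammers
```

There is a short window between the flush and the kills in which the old states still pass traffic; entries added to the table by another process during that window are not covered by the snapshot.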
