The rules that are matching all the time are the keep state rules:
-----------
Jan 23 01:17:28.121478 rule 23/0(match): pass in on vlan2: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121490 rule 19/0(match): pass out on vlan1: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121584 rule 19/0(match): pass in on vlan10: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
Jan 23 01:17:28.121595 rule 23/0(match): pass out on vlan11: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
-----------

I have to correct the tcpdump output; it's like this:
-----------
Jan 23 01:17:28.121478 rule 23/0(match): pass in on vlan2: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121490 rule 19/0(match): pass out on vlan1: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121584 rule 19/0(match): pass in on vlan1: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
Jan 23 01:17:28.121595 rule 23/0(match): pass out on vlan2: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
-----------
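As an added example (not part of the thread, and not the poster's own tooling), the script below parses pflog lines in the tcpdump format shown above, groups them per connection and reports what this output actually shows: every one of these packets is a pure ACK or data segment with no SYN, and each of them is still being evaluated by rule 23 on one VLAN and rule 19 on the other. With a plain `log` on a rule that keeps state, pf logs only the packet that creates the state; later packets are matched by the state table and are not logged unless the rule says `log (all)`. So non-SYN packets showing up as rule matches mean either `log (all)` is set or no state is being matched for this flow. The four sample lines are copied from the corrected output above; the two-line "healthy" sample is constructed, and the rule numbers and interface names in it are only illustrative.

```python
import re
from collections import defaultdict

# The four corrected pflog lines from the post (copied, not constructed).
SAMPLE = """\
Jan 23 01:17:28.121478 rule 23/0(match): pass in on vlan2: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121490 rule 19/0(match): pass out on vlan1: y.y.y.y.62708 > x.x.x.x.80: . ack 750065 win 32580 <nop,nop,timestamp 29419283[|tcp]> (DF)
Jan 23 01:17:28.121584 rule 19/0(match): pass in on vlan1: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
Jan 23 01:17:28.121595 rule 23/0(match): pass out on vlan2: x.x.x.x.80 > y.y.y.y.62708: . 754409:755857(1448) ack 0 win 33304 <nop,nop,timestamp 641841239[|tcp]> (DF)
"""

# Constructed sample (assumption, not from the post): what a keep-state rule with
# plain `log` is expected to produce, i.e. only the state-creating SYN, once per
# interface it traverses.
HEALTHY_SAMPLE = """\
Jan 23 01:17:27.000000 rule 23/0(match): pass in on vlan2: y.y.y.y.62708 > x.x.x.x.80: S 10:10(0) win 65535 <mss 1460> (DF)
Jan 23 01:17:27.000010 rule 19/0(match): pass out on vlan1: y.y.y.y.62708 > x.x.x.x.80: S 10:10(0) win 65535 <mss 1460> (DF)
"""

# tcpdump -e -ttt style pflog line: timestamp, rule/subrule(reason), action,
# direction, interface, src > dst, TCP flags, then the rest of the TCP summary.
PFLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[a-z-]+)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)(?P<rest>.*)$"
)


def split_endpoint(ep):
    """'y.y.y.y.62708' -> ('y.y.y.y', '62708'); the port is the last dotted field."""
    host, port = ep.rsplit(".", 1)
    return host, port


def parse_pflog_line(line):
    """Return a dict of fields for one pflog line, or None if it is not one."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["src_host"], rec["src_port"] = split_endpoint(rec["src"])
    rec["dst_host"], rec["dst_port"] = split_endpoint(rec["dst"])
    # Old tcpdump prints '.' for no flags; 'S' anywhere in the flag field means SYN.
    rec["syn"] = "S" in rec["flags"]
    return rec


def flow_key(rec):
    """Direction-independent key so both halves of a connection land in one bucket."""
    return tuple(sorted((rec["src"], rec["dst"])))


def audit_flows(lines):
    """Group logged packets per connection and count SYN vs non-SYN rule hits."""
    flows = defaultdict(lambda: {
        "packets": 0, "rules": set(), "ifaces": {},
        "syn_logged": 0, "mid_stream_logged": 0,
    })
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None:
            continue
        f = flows[flow_key(rec)]
        f["packets"] += 1
        f["rules"].add(rec["rule"])
        f["ifaces"].setdefault(rec["dir"], set()).add(rec["iface"])
        if rec["syn"]:
            f["syn_logged"] += 1
        else:
            f["mid_stream_logged"] += 1
    return dict(flows)


def diagnose(flow):
    """Plain `log` on a stateful rule logs only the state-creating packet, so any
    non-SYN packet hitting a rule means `log (all)` or a missed state lookup."""
    if flow["mid_stream_logged"] == 0:
        return "ok: only state-creating packets were logged"
    return ("state not matched: %d non-SYN packets were evaluated by rules %s "
            "(expected only with `log (all)` or when no state exists)"
            % (flow["mid_stream_logged"], sorted(flow["rules"])))


if __name__ == "__main__":
    for name, text in (("post", SAMPLE), ("healthy", HEALTHY_SAMPLE)):
        for key, flow in audit_flows(text.splitlines()).items():
            print(name, key, flow["ifaces"], diagnose(flow))
```

Run it against `tcpdump -n -e -ttt -i pflog0` output saved to a file and it will show, per connection, which rules and interfaces the logged packets hit; a flow whose `mid_stream_logged` keeps climbing while its rules are only `log` is the one whose state is not being found.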