On Thu, Nov 09, 2006 at 03:11:55PM +0100, Pierre-Yves Ritschard wrote: > > It works as expected but this looks like a 'state-policy ifbound' > > behavior right ? > > I tested this with latest (11/7) current available on my mirror and > the behavior is the same.
You're probably misreading what 'floating' means. See http://marc.theaimsgroup.com/?l=openbsd-pf&m=114372425614238&w=2 i.e. a floating state does not allow packets on arbitrary interfaces in arbitrary directions, it merely allows one direction on arbitrary interfaces (when routing changes). You still need two states if you filter both directions. Daniel
