Hello,

On Thu, Jan 28, 2021 at 11:47:30AM +1000, David Gwynne wrote:
> i think these code chunks are around the wrong way.
> 
> pfsync may want to defer the transmission of a packet. it does this so
> it can try and get a state over to a peer firewall before a host may
> send a reply to the peer, which would get dropped cos there's no
> matching state.
> 
> i think the once rule processing should happen before that. the state
> is created from the rule, whether the packet the state is for goes out
> immediately or not shouldn't matter.
> 
> ok?


    yes it makes sense. thanks.

OK sashan
