Hello, On Thu, Jan 28, 2021 at 11:47:30AM +1000, David Gwynne wrote: > i think these code chunks are around the wrong way. > > pfsync may want to defer the transmission of a packet. it does this so > it can try and get a state over to a peer firewall before a host may > send a reply to the peer, which would get dropped cos there's no > matching state. > > i think the once rule processing should happen before that. the state > is created from the rule, whether the packet the state is for goes out > immediately or not shouldn't matter. > > ok?
yes it makes sense. thanks. OK sashan