Keep State is not working on 6.1-RELAESE-p1

Daniel Hartmeier daniel at benzedrine.cx
Tue Jun 27 13:29:27 UTC 2006


On Tue, Jun 27, 2006 at 01:36:52PM +0300, N. Ersen SISECI wrote:

> My first rule is pass in all with keep state. But the packets do not
> seem to be able pass out from the other interface. If i change the last
> block's to "pass" everything works fine. It seems that the state table
> is always on if-bound'ed???
> 
> Is there a solution for this problem, or do I miss a configuration with
> kernel, pf, pf.conf etc... ??? or is this a bug :)

Neither, your interpretation of 'floating' does not match reality, see

  http://marc.theaimsgroup.com/?l=openbsd-pf&m=114372425614238&w=2

In short, create two state entries per connection.

Daniel


More information about the freebsd-pf mailing list