connect(): Operation not permitted

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun May 18 07:19:37 UTC 2008


Johan Ström wrote:

> drop all traffic)? A check with pfctl -vsr reveals that the actual rule 
> inserted is "pass on lo0 inet from 123.123.123.123 to 123.123.123.123 
> flags S/SA keep state". Where did that "keep state" come from?

'flags S/SA keep state' is the default now for tcp filter rules -- that
was new in 7.0 reflecting the upstream changes made between the 4.0 and 4.1
releases of OpenBSD.  If you want a stateless rule, append 'no state'.

http://www.openbsd.org/faq/pf/filter.html#state

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
