pf misfeature
Robert Blacquiere
freebsd-net at blacquiere.nl
Thu Nov 8 12:01:26 PST 2007
On Thu, Nov 08, 2007 at 08:08:52PM +0100, Dag-Erling Smørgrav wrote:
> Given appropriate definitions for $eth and $lan, you'd expect the
> following rule to simply pass all traffic originating from and destined
> for the LAN:
>
> pass on $eth from $lan to $lan
>
> However, in pf, "keep state" is *implicit* (why?), so you'd expect it to
> turn into something like this:
I think this was turned on in OpenBSD as of 4.0. Default
keep state.

To negate this behaviour in OpenBSD pf you can add no state:

pass on $eth from $lan to $lan no state

I'm not sure if this also works on FreeBSD.
Regards
--
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?
OpenBSD: Hey guys you left some holes out there!