> > > > > is it safe to say to just remove the "keep state" behavior > for udp and other connectionless packets? No. Anything but. If you don't keep state, you would have to specifically code wide open ingress packet filtering rules for reply traffic. Greg