BAD state/State failure with large number of requests

[Greg Hennessy]

> The part that confused me was that the connections failed 
> immediately -- it turns out that PF sends a RST upon state 
> mismatch during the intial handshake, as opposed to dropping 
> the packets and letting the connection time out.


As a matter of policy, I would never black hole internally sourced traffic
traversing packet filtering infrastructure under my control. 

There are few things worse from a management/debugging perspective than to
have packets disappear into the wild blue yonder with no indication of why. 



Greg