removing states within an anchor

[shoks]

Hi All,

I'm not sure if this is a bug or a limitation. Is it possible to remove
the states created inside an anchor? Or show all the states created
by rules inside an anchor?

I have an anchor "ssh_a" which has created two states:

# pfctl -a ssh_a -sr -v
pass in log quick on vr0 inet proto tcp from any to 10.10.0.161 port = ssh
flags S/SA keep state
  [ Evaluations: 4681      Packets: 6956      Bytes: 983364      States:
2     ]
  [ Inserted: uid 0 pid 2045 ]
#

I wanted to display the states created by rules within "ssh_a", but the
command
below shows all the states.

# pfctl -a ssh_a -ss -v
all tcp 10.10.0.161:22 <- 10.3.1.42:58120       ESTABLISHED:ESTABLISHED
   [4069877326 + 66560] wscale 3  [1308386281 + 66608] wscale 3
   age 00:22:10, expires in 24:00:00, 1148:842 pkts, 91792:138616 bytes,
anchor 5, rule 0
all tcp 10.10.0.161:22 <- 10.3.1.42:62296       ESTABLISHED:ESTABLISHED
   [555879689 + 66560] wscale 3  [1395082873 + 66608] wscale 3
   age 00:05:05, expires in 23:59:11, 20:19 pkts, 3376:4620 bytes, anchor 5,
rule 0
all tcp 10.10.0.161:80 <- 10.3.1.42:62952       FIN_WAIT_2:FIN_WAIT_2
   [3637383497 + 66608] wscale 3  [3544701268 + 66607] wscale 3
   age 00:00:17, expires in 00:01:23, 6:4 pkts, 802:440 bytes, anchor 4,
rule 0
all ipv6-icmp ff02::1[16584] <- fe80::21b:21ff:fe1d:35bc
NO_TRAFFIC:NO_TRAFFIC
   age 00:00:08, expires in 00:00:12, 1:0 pkts, 96:0 bytes, anchor 3, rule
14
all icmp 10.10.0.161:21514 <- 10.3.1.42       0:0
   age 00:00:02, expires in 00:00:08, 1:1 pkts, 84:84 bytes, anchor 3, rule
2
#

Removing the states within "ssh_a" with the command "pfctl -a ssh_a -Fs"
would
remove all the states.

Thanks,
sho