impossible rc.d ordering problem with stf and pf ?
James Long
stable at museum.rain.com
Wed Jan 31 19:58:43 UTC 2007
On Wed, Jan 31, 2007 at 09:30:56AM +0200, Stefan Lambrev wrote:
> Hello,
>
> >> pass out on (stf0) inet6 from any to any keep state
> >>
> >
> >Just for my edification, what is the point of "keep state" on an
> >"any-to-any" rule?
> >
> >
> imagine that you have only 2 rules -
> block in on $if all
> pass out on $if from any to any keep state
>
> - with "keep state" you have internet, without it you do not have ;)
Thank you.
I must read more closely. I did not grok the "out."
Jim
More information about the freebsd-stable
mailing list