Re: dumb question about "no state"
Date: Tue, 05 Mar 2024 09:29:04 UTC
On 05/03/2024 09:11, Eugene M. Zheganin wrote:
> Hello,
>
> I hope the following is self-explanatory:
>
>
> pfctl -vs rules:
>
> [...]
>
> pass quick proto tcp all flags A/A no state
> [ Evaluations: 1125881 Packets: 972814 Bytes: 421350757 States:
> 82 ]
> [ Inserted: uid 0 pid 28187 State Creations: 82 ]
>
> man pf.conf:
> pass The packet is passed; state is created unless the no state
> option is specified.
>
>
> Why does this rule create states? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified"?

Also from the man page, a few lines after your citation:

By default pf(4) filters packets statefully; the first time a packet matches a pass rule, a state entry is created; for subsequent packets the filter checks whether the packet matches any state.

Kind regards
Miroslav Lachman
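
Added example, not part of the original thread: a Python check that parses `pfctl -vs rules` style output and lists rules marked `no state` whose States or State Creations counters are nonzero, which is the mismatch asked about above. The sample input is constructed from the output quoted in the message (the second rule and its counters are made up), and the function names are hypothetical.

```python
import re

# Constructed sample in the format quoted in the message above; the second
# rule and its counters are made up for contrast.
SAMPLE = """\
pass quick proto tcp all flags A/A no state
  [ Evaluations: 1125881 Packets: 972814 Bytes: 421350757 States:
  82 ]
  [ Inserted: uid 0 pid 28187 State Creations: 82 ]
pass in proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 500 Packets: 1200 Bytes: 96000 States: 3 ]
  [ Inserted: uid 0 pid 28187 State Creations: 40 ]
"""

COUNTER = re.compile(r"(Evaluations|Packets|Bytes|States|State Creations):\s*(\d+)")


def parse_rules(text):
    """Return [(rule_text, {counter: value})] from `pfctl -vs rules` style text."""
    rules, buf = [], None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if buf is None and not s.startswith("["):
            rules.append((s, {}))      # a rule line starts a new entry
            continue
        # Counter block: may wrap over several lines, so buffer until "]".
        buf = s if buf is None else buf + " " + s
        if "]" in s:
            if rules:
                rules[-1][1].update((k, int(v)) for k, v in COUNTER.findall(buf))
            buf = None
    return rules


def no_state_rules_with_states(text):
    """List (rule, States, State Creations) for `no state` rules with nonzero counters."""
    hits = []
    for rule, c in parse_rules(text):
        states, created = c.get("States", 0), c.get("State Creations", 0)
        if re.search(r"\bno state\b", rule) and (states or created):
            hits.append((rule, states, created))
    return hits


if __name__ == "__main__":
    for rule, states, created in no_state_rules_with_states(SAMPLE):
        print(f"{rule!r}: States={states}, State Creations={created}")
```

On a live system the text would come from the `pfctl -vs rules` command shown in the message instead of `SAMPLE`.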