Re: dumb question about "no state"

Reply: Miroslav Lachman : "Re: dumb question about "no state""
In reply to: Miroslav Lachman : "Re: dumb question about "no state""
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Eugene M. Zheganin <eugene_at_zhegan.in>
Date: Tue, 05 Mar 2024 10:30:19 UTC

Hello,

On 05.03.2024 14:29, Miroslav Lachman wrote:
>
>> Why does this rule create states ? Am I misreading/misunderstanding 
>> the part "state is created unless the no state option is specified" ?
>
> Also from the man page, few lines after your citation:
>
> By default pf(4) filters packets statefully; the first time a packet 
> matches a pass rule, a state entry is created; for subsequent packets 
> the filter checks whether the packet matches any state.
>
I'm failing to see how this can explain state creation by a rule that 
clearly shouldn't create any states at all. Furthermore, state are 
(usually) created by a packet with SYN flag, in case of TCP.


Eugene.