Re: dumb question about "no state"
- In reply to: Eugene M. Zheganin: "Re: dumb question about "no state""
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 Mar 2024 11:55:42 UTC
On 05/03/2024 11:30, Eugene M. Zheganin wrote: > Hello, > > On 05.03.2024 14:29, Miroslav Lachman wrote: >> >>> Why does this rule create states ? Am I misreading/misunderstanding >>> the part "state is created unless the no state option is specified" ? >> >> Also from the man page, few lines after your citation: >> >> By default pf(4) filters packets statefully; the first time a packet >> matches a pass rule, a state entry is created; for subsequent packets >> the filter checks whether the packet matches any state. >> > I'm failing to see how this can explain state creation by a rule that > clearly shouldn't create any states at all. Furthermore, state are > (usually) created by a packet with SYN flag, in case of TCP. I am sorry, you are right. I missed the part of your message with 82 states. I have no explanation for that. Kind regards Miroslav Lachman