Re: dumb question about "no state"
- In reply to: Eugene M. Zheganin: "dumb question about "no state""
Date: Wed, 06 Mar 2024 08:44:35 UTC
On 2024-03-05 09:11, Eugene M. Zheganin wrote:
> pass quick proto tcp all flags A/A no state
> [ Evaluations: 1125881 Packets: 972814 Bytes: 421350757 States:
> 82 ]
> [ Inserted: uid 0 pid 28187 State Creations: 82 ]
>
> man pf.conf:
> pass The packet is passed; state is created unless the no state
> option is specified.
>
>
> Why does this rule create states ? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified" ?

Any chance there's nat, binat or rdr involved? Usage of NAT forces
stateful tracking, even if the passing rule declares stateless tracking.

-- 
| pozdrawiam / regards | Powered by macOS, Debian and FreeBSD |
| Kajetan Staszkiewicz | www: http://vegeta.tuxpowered.net    |
`----------------------^--------------------------------------'
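
Added example, not part of the original thread: a small audit script that reads verbose rule counters in the layout quoted above and lists every rule that says "no state" yet shows states, which are the rules to check for the nat, binat or rdr involvement the reply asks about. The `@N` rule-number prefix, the rules `@1` and `@2` with their counters, and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the counters quoted above. The "@N"
# rule-number prefix and rules @1/@2 with their counters are assumptions.
SAMPLE = """\
@0 pass quick proto tcp all flags A/A no state
  [ Evaluations: 1125881  Packets: 972814  Bytes: 421350757  States: 82 ]
  [ Inserted: uid 0 pid 28187 State Creations: 82 ]
@1 pass in quick on em0 proto udp all no state
  [ Evaluations: 5021  Packets: 5021  Bytes: 401680  States: 0 ]
  [ Inserted: uid 0 pid 28187 State Creations: 0 ]
@2 pass out all flags S/SA keep state
  [ Evaluations: 900  Packets: 12000  Bytes: 9000000  States: 4 ]
  [ Inserted: uid 0 pid 28187 State Creations: 311 ]
"""

RULE_RE = re.compile(r"^(?:@(\d+)\s+)?((?:pass|block|match)\b.*)$")
COUNTER_RE = re.compile(
    r"(Evaluations|Packets|Bytes|States|State Creations):\s*(\d+)")

def parse_rules(text):
    """Split verbose rule output into rules with their integer counters."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line)
        if m:
            rules.append({"num": m.group(1), "rule": m.group(2), "tail": ""})
        elif rules:
            # Counter lines, including ones a mail client wrapped mid-field.
            rules[-1]["tail"] += " " + line
    for r in rules:
        pairs = COUNTER_RE.findall(r.pop("tail"))
        r["counters"] = {name: int(value) for name, value in pairs}
    return rules

def stateless_rules_with_states(text):
    """Return rules marked 'no state' whose state counters are non-zero."""
    hits = []
    for r in parse_rules(text):
        c = r["counters"]
        created = c.get("States", 0) + c.get("State Creations", 0)
        if re.search(r"\bno state\b", r["rule"]) and created > 0:
            hits.append(r)
    return hits

if __name__ == "__main__":
    for r in stateless_rules_with_states(SAMPLE):
        print(r["num"], r["rule"], r["counters"])
```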