
Re: pf state issue



On Fri, Mar 14, 2003 at 09:04:51AM -0500, ben fleis wrote:
> i hope this is the right forum for asking this question... i imagine it will
> have a simple answer :)

simple answer: no need to keep state on lo :)

simple facts:
- these packets are filtered on lo0 twice, once inbound and once outbound
- you have 'pass out on lo0 keep state' kind of rule thus the DNS request
  and reply create distinct 'outbound' states.
- for fun and symmetry, add a 'pass in on lo0 keep state' (see simple answer)
Can