* Ed White <[email protected]> [2004-05-31 15:32]:
> However I'd like to know if every packet that belongs to that connection 
> (matches the state) will be marked with LAN tag.
no, only the first packet is (to be exact: only packets which do not 
match a state entry are tagged). This hasn't been a problem in practice 
(and is why the parser demands keep state on pass rules which do 
tagging); the tag operation is comparably expensive performance-wise so 
you don't really want that for each packet.
