[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stupid state question

Can pf block packets based on state information alone?  Or does it only allow
packets of an established connection and pass the rest on to the rules?  If
it can block packets based on state information alone, does it log those
blocked packets to pflog? 
Basically, I've got some failing http connections and I need to rule out the
possibility that my firewall is breaking them.  I log all the packets that
get blocked by regular firewall rules, but if the state inspector is
dropping packets, I wouldn't necessarily see those in my pflog.
-Dylan Martin
 Seattle WA, USA