On Mon, 6 Oct 2008 14:44:54 +0100, "James Seward" <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 6, 2008 at 12:51 PM, Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
>> I've never gotten a definite answer as to what happens if you use "flags
>> S/SA" on a rule that is for UDP, since UDP is a non-negotiated protocol.
>> That's why I split them up per protocol on RELENG_6 boxes.
>
> It intelligently ignores it:
> % pfctl -vn -f-
> pass out proto { tcp udp } all flags S/SA keep state
>
> Output:
> pass out proto tcp all flags S/SA keep state
> pass out proto udp all keep state

The ruleset optimizer displays something similar too:
> pfctl -sr -o basic
shows the same pair of rules :)

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"