You little ripper..! It seems to work like a charm (so far). Very good stuff - thank you.
States are being created, acknowledged as active, and then promptly disappearing from the active count. No mention of any orphan states in ipfstat -dsl Plus, ipf -FS -Fs works and actually clears the states, as in version 3. Only other problem I'm trying to sort - which probably isn't related - is why internet-bound traffic is slow out this firewall.. But I suspect that might be more to do with Solaris TCP tuning than IPFilter. I'll let you know if I notice anything else odd. It's pretty easy to compare because I've got the same ruleset (excluding interface names) on NetBSD/IPF3.4 and Solaris10/IPF4.1.15. Possibly when the dust settles this could be released as an official bugfix for the vanilla IPFilter (4.0.2) on Solaris 10? thanks for your hard work Darren Corey.
