Am Dienstag, den 15.12.2015, 09:24 +0000 schrieb C. L. Martinez: > I am trying to remove "flags S/SA keep state" for tcp packets inside > pf.conf and use "keep state" only, as it can do with udp and icmp. > > According to pf.conf man page, this is possible inserting "no state" > in tcp rule, but I can't use keep state.
"keep state" is addressed in pf.conf(5) (e.g. "Stateful Tracking Options"), but it is not mentioned as often as it is the default. IOW: If you have not changed the default options, you you may simply remove "flags S/SA keep state" string without changing mutch (except that it might now also match UDP/ICMP).
