On Mon, Jan 31, 2011 at 11:28:13AM +0100, Henning Brauer wrote:
then i change my mind and we should add a note that the default pass
behaviour (NOT rule, even tho there kinda is a default rule
internally...) doesn't lead to state creation.
Perhaps it could be worded in terms of what one should do instead of
what one should not do - something along the lines of:
By default pf(4) filters packets statefully: the first time
a packet matches a pass rule, a state entry is created. If
no pass rule is matched, no state is created for that packet.
paulm
