> Huh? Keeping state is exactly why, I believe, it was not working > properly. Adding "no state" was the critical change. > > > What if you remove "no state"? > > Then it will once again treat continuing connections as the same > connection and fail to block it.
I have to rethink about this. To my knowledge, it should not. Different sessions, right? > The manual explains how to keep state or not. What makes you think > that you *must* keep state for UDP. To my way of thinking not keeping > state should be the default for UDP, at least for incoming connections. I will need some time to think again. And read manuals. For sure, I know where this might be taken for better answer than mine: [email protected]. You don't have to use openbsd to ask question, since you run pf. It could be me, if you don't find the solution next day or two. When I asked about pf on netbsd on the list, de Raadt wished me all the best, due to old pd version. Frankly I need more time if I could make it more simple to load rules. Becomes interesting. Best regards Zoran
