On Wed, May 23, 2018 at 11:03:38PM +0100, Mike Pumford wrote: > I'm going to be attempting to reproduce it in npf as well as I've got an > updated firewall box to deploy which I'm hoping will use npf instead of ipf > (assuming I can make npf do everything I want).
FWIW I'm going back to ipf: AFAICT keep state with ipf sends replies back through the interface the requests came in on, but npf obeys the routing table. It seems I was relying on ipf's behaviour. Feature? Bug? Cheers, Patrick
