On Fri, 13 Dec 2019 at 22:00, Victor Sudakov <v...@sibptus.ru> wrote: [...] > But then, what is the real difference betwttn if-bound and global?
it's not global but rather "floating". man pf.conf says: "... floating States can match packets on any interfaces (the default). ..." IOW, floating state doesn't care which interface gets reply traffic, meanwhile if-bound does. This adds something like urpf-failed protection to the state table. -- End of message. Next message?
