Daniel Hartmeier wrote: > ... > Make sure that all your 'pass keep state' rules which can possibly > apply to TCP packets also use 'flags S/SA' (so they only apply to > initial SYNs), and that you block other TCP packets by default. > > ...
For a rule that matches both UDP and TCP packets, is "flags S/SA" safely ignored for UDP ? --