On 2006/12/13 17:44, Stuart Henderson wrote: > On 2006/12/13 15:44, Albert Shih wrote: > > How can I translate this ipfw rule > > ipfw add permit from any to any establisd > > into pf rule ? > > Assuming the established session setup was allowed by a 'keep state' > rule, you don't do anything, it's done by default.
[clarification]: 'permit from any to any established' on ipfw passes packets with ACK or RST and is used on non-stateful firewalls to permit packets which are part of an active connection. Direct equivalent I think would be to have two pass rules for R/R and A/A, but it would be unusual to do this in PF without extraordinary circumstances.
