Dmitry Medvedev wrote:
Good day, [EMAIL PROTECTED]
obsd42# uname -a
OpenBSD obsd42.oganer.net 4.2 GENERIC#1 i386
obsd42# echo "pass (max 32)" | pfctl -vnf -
stdin:1: syntax error
obsd42# echo "pass keep state (max 32)" | pfctl -vnf -
pass all flags S/SA keep state (max 32, adaptive.start 18, adaptive.end 36)
obsd42#
Is it correct behavior that we need to specify "keep state", which
should be the default? Or am I missing something?
--
Dmitry Medvedev
pf.conf(5):
STATEFUL TRACKING OPTIONS
A number of options related to stateful tracking can be applied on a
per-rule basis. keep state, modulate state and synproxy state support
these options, and keep state must be specified explicitly to apply
options to a rule.
max <number>
Limits the number of concurrent states the rule may create. When
this limit is reached, further packets that would create state will
not match this rule until existing states time out.
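
An added example, not part of the thread or of pf itself: a shell/awk check that flags rules carrying stateful-tracking options without an explicit keep state, modulate state or synproxy state, for reviewing a rule file on a machine that has no pfctl. The function name lint_state_opts is hypothetical, the check assumes one rule per line, and the option keywords other than max come from pf.conf(5) rather than from the excerpt above.

```shell
#!/bin/sh
# lint_state_opts (hypothetical name): read pf.conf rules on stdin and print
# "LINE: rule" for every rule whose stateful-tracking option list is not
# directly preceded by keep/modulate/synproxy state.
# Exit status is 1 if any such rule was found, 0 otherwise.
# Assumption: one rule per line (no backslash continuations).
lint_state_opts() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                 # ignore comments
        rest = line
        bad = 0
        # Walk every parenthesised group on the line, left to right.
        while (match(rest, /\([^()]*\)/)) {
            before = substr(rest, 1, RSTART - 1)
            group  = substr(rest, RSTART + 1, RLENGTH - 2)
            rest   = substr(rest, RSTART + RLENGTH)
            # Skip groups that are not state options, e.g. "(em0)".
            if (group !~ /(^|[ \t,])(max|max-src-states|max-src-nodes|max-src-conn|max-src-conn-rate|source-track|overload)([ \t,]|$)/)
                continue
            # The option list must directly follow "... state".
            if (before !~ /(keep|modulate|synproxy)[ \t]+state[ \t]*$/)
                bad = 1
        }
        if (bad) { printf "%d: %s\n", NR, $0; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the two rules from the thread plus one more.
lint_state_opts <<'EOF' || echo "fix: put keep state before the option list"
pass (max 32)
pass keep state (max 32)
pass in on em0 proto tcp to (em0) port 22 (max-src-conn 10)
EOF
```

On the box itself, pfctl -nf remains the authoritative parse; this check only covers the one mistake discussed in the thread.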