View Single Post
  #6   (View Single Post)  
Old 12th July 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

For efficiency, you should use quick

You also should use flags S/SA keep state for TCP traffic to make sure that state will be created on the first TCP packet of the three-way TCP handshake. The reason is explained in the "Filter statefully" section of http://undeadly.org/cgi?action=artic...20060927091645.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote