View Single Post
  #6   (View Single Post)  
Old 8th February 2017
damageG damageG is offline
Port Guard
 
Join Date: Feb 2017
Posts: 13
Default

Just to see if I understand it, the line

Quote:
pass in on $int_if inet
Expands to

Quote:
pass in on vlan102 inet all flags S/SA
And a couple other interfaces with the same rules.

Dropbox is trying to use a TCP connection that has expired in the state table so pf sees an ACK and drops it because it's not an S/SA. I'm guessing that when the connection gets dropped, Dropbox opens a new one so it's not an issue.
Reply With Quote