Actually the more I read about this the more confused I am getting. I am using either XPx64 or latest Ubuntu to look at this website from my internal NAT side. Maybe both of these are using it ? So its not Vista initiating this TCP packet. Once the packet leaves the XP machine then its requested from my Squid proxy and therefore started from the in side of the firewall to the out. So the filter which needs to have the S/SA bit set is going out not initiated from external coming in and once the connection is set up then PF holds it in the state table. At least thats what I thought. I am using 4.6 so that I thought the flags S/SA bit and the keep state were on by default. Gah !
|