Subject: Re: Solution for duplicate ipf states?
To: Monroe Williams <monroe@criticalpath.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 05/13/2002 22:42:28

On Tue, May 07, 2002 at 08:35:49PM -0700, Monroe Williams wrote:
> 
> I'm using the "keep state" rules on an ipf firewall, and I think I must be
> missing something.
> 
> When using the rules:
> 
> pass out quick on ex0 proto udp from any to any keep state
> pass out quick on ex0 proto icmp from any to any keep state
> 
> it appears that every packet that passes out on the interface creates a new
> state table entry.  For example, running ping for a short while on a

Maybe try something like this:
pass out first quick on ex0 proto udp from any to any keep state
pass out quick on ex0 proto udp from any to any keep state
pass out first quick on ex0 proto icmp from any to any keep state
pass out quick on ex0 proto icmp from any to any keep state

This works for me, on 1.5.2

-- 
Manuel Bouyer <bouyer@antioche.eu.org>