On Mon, May 13, 2002 at 08:05:35PM -0700, Monroe Williams wrote:
> on 5/13/02 2:06 PM, Manuel Bouyer at bouyer@antioche.eu.org wrote:
> 
> > Indeed I use it with the log option:
> > pass out log first quick on ex0 proto icmp from any to any keep state
> 
> I just tried this rule.  Not only does it _not_ prevent multiple entries
> from appearing in the state table, it doesn't even prevent every packet from
> being logged.

Strange, I don't remember noticing this problem on my firewall here. Maybe UDP
isn't used that much :)

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--