Subject: Re: pf and state entries at securelevel 2
To: Nino Dehne <ndehne@gmail.com>
From: Peter Postma <peter@pointless.nl>
List: tech-net
Date: 06/15/2005 11:11:17

On Wed, Jun 15, 2005 at 07:09:32AM +0200, Nino Dehne wrote:
> My questions are now:
> 
> 1) Should pf update state entries which are the result of a rule with
> "dynamic" address syntax?

No, pf should leave the states alone.

> 2) Should state entries remain flushable even with securelevel 2?

No, any action from pfctl that changes things like rules, states, etc.
is not possible at securelevel 2. So in your case it would probably be
better to run at securelevel 1.

-- 
Peter Postma