From 2e423df0b4c4ed89ddd1662e5dc992d9f695118e Mon Sep 17 00:00:00 2001
From: Ryan Thomas McBride <mcbride@cvs.openbsd.org>
Date: Fri, 6 Oct 2006 17:09:42 +0000
Subject: Handle default 'flags S/SA keep state', 'no state' and 'flags any'.

---
 regress/sbin/pfctl/pf7.ok | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'regress/sbin/pfctl/pf7.ok')

diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok
index 8af3a52d37d..357f3180e30 100644
--- a/regress/sbin/pfctl/pf7.ok
+++ b/regress/sbin/pfctl/pf7.ok
@@ -14,14 +14,14 @@ pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
 pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
 pass out on tun1000000 proto udp all keep state
 pass in on tun1000000 proto udp from any to any port = domain keep state
-pass out on tun1000000 proto tcp all modulate state
-pass in on tun1000000 proto tcp all modulate state
+pass out on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto tcp all flags S/SA modulate state
 pass in on tun1000000 proto udp all keep state
 pass in on tun1000000 proto icmp all keep state
 pass in on tun1000000 proto udp all keep state
 pass in on tun1000000 proto tcp all flags S/SA synproxy state
 pass in on tun1000000 proto icmp all keep state
-pass in on tun1000000 proto tcp from any to any port = ssh modulate state
-pass in on tun1000000 proto tcp from any to any port = smtp modulate state
-pass in on tun1000000 proto tcp from any to any port = domain modulate state
-pass in on tun1000000 proto tcp from any to any port = auth modulate state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
-- 
cgit v1.2.3