If the proxy server is running on the same subnet as the clients, the return traffic from the proxy will go directly back to them without ever hitting the firewall, which means the states will never get updated and may fill up your pflog(4) with blocked attempts. To circumvent this, the "no state" option needs to be specified for the route-to rule.

ok Brad, input/ok sthen@ (maintainer)