The following reply was made to PR kern/28418; it has been noted by GNATS.

From: christos@zoulas.com (Christos Zoulas)
To: Darren Reed <darrenr@NetBSD.org>
Cc: gnats-bugs@netbsd.org
Subject: Re: kern/28418
Date: Thu, 16 Jun 2005 18:59:18 -0400

 On Jun 16, 10:52pm, darrenr@NetBSD.org (Darren Reed) wrote:
 -- Subject: Re: kern/28418
 
 | Now I see what the patch is...
 | 
 | What particular scenario are you concerned about?
 | People writing:
 | pass in quick proto icmp all keep state
 | 
 | and finding ICMP echo-reply packets blocked?
 | Or something else?
 | 
 | The problem here is that the "add state" happens after the rule
 | processing has been finished.
 | 
 | Maybe a better solution is to move where state gets added so that
 | if a rule is a "quick" rule and it is also "keep state", we try and
 | add the state immediately and if it fails, continue processing the
 | rest of the rules.
 
 That should work. As I said on icb I have:
 
 pass in quick all keep state
 
 christos