Exploring the Mac OS X Firewall
Subject:   Slight error
Date:   2006-02-04 15:51:27
From:   sumbach
Response to: Slight error

This still isn't quite right. Using your rules, ipfw doesn't have any memory at all--it's using the TCP flags to determine whether the connection is established or not.

A stateful ipfw ruleset will always contain at least one rule with the 'check-state' action and at least one rule with the 'keep-state' option. ipfw's "memory" is in the form of dynamic rules.