record keeping

So, pf is stateful, as in, it tracks connections.
Obvious for TCP, faked for UDP etc.
Wanted for security reasons, but also faster!
Ruleset traversal = boat, state table lookup = airplane.

NAT and interface-bound states complicate things.
NAT changes addresses.
If-bound states take precedence over floating ones.
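The lookup order described above, as a small Python model added here for illustration (not pf's code and not from the original notes): the state table is consulted first, the ruleset is walked only on a miss, and if-bound entries are tried before floating ones. The class, rule names, interfaces and addresses are all constructed assumptions, and NAT is not modelled.

```python
# Toy model of the lookup order in the notes above; not pf's implementation.
from collections import namedtuple

Packet = namedtuple("Packet", "iface proto src sport dst dport")
Rule = namedtuple("Rule", "name match action ifbound")

class Filter:
    def __init__(self, rules):
        self.rules = rules      # ordered ruleset (the slow path)
        self.states = {}        # flow key -> [(iface or None, rule name)]
        self.rule_evals = 0     # rules evaluated on the slow path

    @staticmethod
    def key(p):
        # Both directions of a flow map to the same key (works for UDP too).
        return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def add_state(self, p, name, ifbound):
        # If-bound entries go to the head, floating ones (None) to the tail.
        entries = self.states.setdefault(self.key(p), [])
        entries.insert(0 if ifbound else len(entries),
                       (p.iface if ifbound else None, name))

    def find_state(self, p):
        # First usable entry wins, so a bound state beats a floating one.
        for iface, name in self.states.get(self.key(p), []):
            if iface in (p.iface, None):
                return name
        return None

    def handle(self, p):
        name = self.find_state(p)
        if name is not None:
            return ("state", "pass", name)      # fast path, no rule walk
        hit = Rule("default", None, "block", False)
        for r in self.rules:                    # last matching rule wins
            self.rule_evals += 1
            if r.match(p):
                hit = r
        if hit.action == "pass":                # a passed packet creates state
            self.add_state(p, hit.name, hit.ifbound)
        return ("rules", hit.action, hit.name)

# Constructed sample ruleset and packets (documentation addresses).
RULES = [
    Rule("dns-float", lambda p: p.proto == "udp" and p.dport == 53, "pass", False),
    Rule("ssh-bound", lambda p: p.iface == "em0" and p.dport == 22, "pass", True),
]
SYN = Packet("em0", "tcp", "192.0.2.10", 40000, "198.51.100.5", 22)
REPLY = Packet("em0", "tcp", "198.51.100.5", 22, "192.0.2.10", 40000)
```

Calling `handle` on `SYN` and then `REPLY` walks the ruleset once and then answers from the state table; the same reply arriving on another interface misses the if-bound state and falls back to the ruleset.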