I have allowed vmnet5 to http and dns to any destination, and drop all for the rest.
Nmap from client
Actually nmap could not determine whether port 80 is opened or closed because there is no response.
Packet filter log
Looks like the packet filter accept despite TCP FIN was sent…
The below tcpdump proves that TCP FIN was sent over.
So based on the packet filter log I should conclude that packet filter is a stateless access control?