Thread: bin/96150: pfctl(8) -k non-functional

2006-06-20 11:00:41
The following reply was made to PR bin/96150; it has been
noted by GNATS.

From: Maciej Wierzbicki <voovooskis.p.lodz.pl>
To: bug-followupFreeBSD.org,  jamesjlauser.net
Cc:  
Subject: Re: bin/96150: pfctl(8) -k non-functional
Date: Tue, 20 Jun 2006 13:00:19 +0200

 pfctl -k works without any problem on either 6.1-RELEASE-p1 or several
 5.4/5.5 machines.
 
 Most probably the originator tried to use -k with "external" hosts, not
 local ones. In that case he should use pfctl -k host -k host as
 described in the manpage:
 
 /*
                To kill all of the state entries from host1 to host2:
 
                      # pfctl -k host1 -k host2
 */
 
 So, in case there are two states:
 self tcp A.B.C.D:22 <- A1.B1.C.D:60361      ESTABLISHED:ESTABLISHED
 self tcp A.B.C.D:22 <- A2.B2.C.D:50120      ESTABLISHED:ESTABLISHED
 
 pfctl -k A.B.C.D will kill both, while
 pfctl -k A.B.C.D -k A1.B1.C.D will kill the first one only.
 
 -- 
 *   Maciej Wierzbicki * At paranoia's poison door  *
 *   VOO1-RIPE   *
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"