pf buggy on 6.1-STABLE?

Chris Buechler cbuechler at gmail.com
Thu Jun 8 15:19:04 UTC 2006


On 6/8/06, Dominic Marks <dom at helenmarks.co.uk> wrote:
>
> I've experienced the same. If you have a lot of concurrent connections
> going on it seems that every so often a connection will be blocked,
> even if it doesn't match any rule. In my case I experienced this with
> apache22 acting as a reverse proxy/virtual host.
>

This sounds a lot like the port randomization problems discussed by
Michael Silbersack in his BSDCan presentation, specifically pages
12-14: http://www.silby.com/bsdcan06/silbersack_bsdcan06.pdf

That shouldn't be an issue anymore, but I don't know when that was resolved.

cheers,
-Chris


More information about the freebsd-pf mailing list