bin/96150: pfctl(8) -k non-functional
Maciej Wierzbicki
voovoos at kis.p.lodz.pl
Tue Jun 20 11:00:41 UTC 2006
The following reply was made to PR bin/96150; it has been noted by GNATS.
From: Maciej Wierzbicki <voovoos at kis.p.lodz.pl>
To: bug-followup at FreeBSD.org, james at jlauser.net
Cc:
Subject: Re: bin/96150: pfctl(8) -k non-functional
Date: Tue, 20 Jun 2006 13:00:19 +0200
pfctl -k works without any problem on either 6.1-RELEASE-p1 or several
5.4/5.5 machines.
Most probably the originator tried to use -k with "external" hosts, not
local ones. In that case he should use pfctl -k host -k host as
described in the manpage:
/*
To kill all of the state entries from host1 to host2:
# pfctl -k host1 -k host2
*/
So, in case there are two states:
self tcp A.B.C.D:22 <- A1.B1.C.D:60361 ESTABLISHED:ESTABLISHED
self tcp A.B.C.D:22 <- A2.B2.C.D:50120 ESTABLISHED:ESTABLISHED
pfctl -k A.B.C.D will kill both, while
pfctl -k A.B.C.D -k A1.B1.C.D will kill the first one only.
--
* Maciej Wierzbicki * At paranoia's poison door *
* VOO1-RIPE *