New pf install on FreeBSD7 seems to be a slow starter.

Max Laier max at love2party.net
Wed Jul 9 23:48:13 UTC 2008


On Wednesday 09 July 2008 20:29:21 Leslie Jensen wrote:
> Anyway I have one PC on the inside and it takes some time before it's
> able to reach the outside world.

What David said.

> Another thing I see is that for example I add log (all) to one of my
> filters and do pfctl -f /etc/pf.conf, then later I remove it again and
> do pfctl -f /etc/pf.conf. The output from tcpdump -n -e -ttt -i pflog0
> still shows packages as if it had not refreshed and still had the "log
> (all)" active.

That's expected.  The rule will create a state with the "log (all)" flag 
set.  When you reload the ruleset no more new states will be created with 
that flag, but the existing states stick around and keep logging all 
packets.  You can either "pfctl -Fstates" or simply wait until they die 
off on their own.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
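
The behaviour described in the reply above, as an added example that is not part of the original message and is not pf's own code: a simplified Python model in which a state copies the rule's "log (all)" flag when it is created and a reload replaces only the ruleset. The class and method names, the matching on protocol and destination port only, the drop of unmatched packets, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # models: pass [log (all)] proto P to port N keep state
    proto: str
    dport: int
    log_all: bool = False

class Firewall:
    def __init__(self, ruleset):
        self.ruleset = list(ruleset)
        self.states = {}         # flow -> log flag copied from the creating rule
        self.pflog = []          # stands in for what tcpdump on pflog0 would show

    def load(self, ruleset):
        """Models pfctl -f: replaces the ruleset, leaves the state table alone."""
        self.ruleset = list(ruleset)

    def flush_states(self):
        """Models pfctl -Fstates."""
        self.states.clear()

    def packet(self, flow):
        """flow = (src, sport, dst, dport, proto); returns True if passed."""
        if flow not in self.states:
            match = None
            for rule in self.ruleset:            # last matching rule wins
                if (rule.proto, rule.dport) == (flow[4], flow[3]):
                    match = rule
            if match is None:
                return False                     # model only: unmatched is dropped
            self.states[flow] = match.log_all    # flag is fixed at state creation
        if self.states[flow]:                    # state hit: ruleset not consulted
            self.pflog.append(flow)
        return True

def demo():
    flow = ("192.0.2.10", 40000, "198.51.100.7", 80, "tcp")   # constructed sample
    fw = Firewall([Rule("tcp", 80, log_all=True)])
    fw.packet(flow)                    # state created with the flag set
    fw.load([Rule("tcp", 80)])         # reload with "log (all)" removed
    fw.packet(flow)                    # old state still logs
    logged_after_reload = len(fw.pflog)
    fw.flush_states()
    fw.packet(flow)                    # fresh state from the new rule
    fw.packet(flow)
    return logged_after_reload, len(fw.pflog)

if __name__ == "__main__":
    print(demo())
```

The log count keeps growing after the reload and stops only once the old state is gone, which is the effect seen on pflog0 in the question.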

