pfctl -k Not functioning!

Александр бызов sash-b at mail.ru
Sun Jun 3 07:25:43 UTC 2007


Hello, I run FreeBSD 6.2; FreeBSD 6.1 gives the same result.
When I run pfctl -k target_ip I expect every state with target_ip to be killed, but states are killed only if target_ip is the source.
The source address is the one located on the left in the pfctl -ss output, rather than the one indicated by the arrow.

Example:

FreeBSD-GW# pfctl -ss
self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80       ESTABLISHED:ESTABLISHED
self tcp 64.233.183.147:80 <- 192.168.17.238:1766       ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305       ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 192.168.17.238
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 64.233.183.147:80 <- 192.168.17.238:1766       ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305       ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 64.233.183.147
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 192.168.17.200:22 -> 192.168.17.238:1305       ESTABLISHED:ESTABLISHED
FreeBSD-GW#

The task would be solved if we could kill all the states where the destination is target_ip.
For example, in OpenBSD one runs the command:
#pfctl -k 0.0.0.0/0 -k 192.168.2.238
but my computer has responded:
pfctl: getaddrinfo: hostname nor servname provided, or not known 

Hope for your help in solving this problem.
 --
Sorry for my English!
Sincerely,
       Byzov Alexander mailto : sash-b at mail.ru
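
The behaviour reported above, as an added example that is not part of the original post and is not pf's own code: a small Python model that applies the "leftmost address only" matching to the state lines quoted in the message and lists the states that still involve the target afterwards. The function names are hypothetical, and the matching rule is an assumption taken from the poster's description rather than from the pf source.

```python
import re

# State lines copied from the `pfctl -ss` output quoted in the post.
SAMPLE_STATES = [
    "self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80       ESTABLISHED:ESTABLISHED",
    "self tcp 64.233.183.147:80 <- 192.168.17.238:1766       ESTABLISHED:ESTABLISHED",
    "self tcp 192.168.17.200:22 -> 192.168.17.238:1305       ESTABLISHED:ESTABLISHED",
]

# An endpoint is an IPv4 address followed by ":port"; only the address is captured.
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+")


def endpoints(line):
    """Return the IPv4 addresses of one state line, in left-to-right order."""
    return ENDPOINT.findall(line)


def kill_by_left_address(states, target):
    """Model of the reported `pfctl -k target` behaviour (assumption from the post):
    only states whose leftmost address equals target are removed."""
    killed = [s for s in states if endpoints(s)[:1] == [target]]
    remaining = [s for s in states if s not in killed]
    return killed, remaining


def still_involving(states, target):
    """States that mention target in any position, i.e. the ones the poster
    expected to disappear as well."""
    return [s for s in states if target in endpoints(s)]


if __name__ == "__main__":
    target = "192.168.17.238"
    killed, remaining = kill_by_left_address(SAMPLE_STATES, target)
    print(f"killed {len(killed)} state(s) with {target} on the left")
    for line in still_involving(remaining, target):
        print("still present:", line)
```

Running the same check against real `pfctl -ss` output after a kill shows which sessions for a blocked host are still open on the gateway.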


More information about the freebsd-pf mailing list