SSH Session disconnecting with pf
Jeremy Chadwick
koitsu at freebsd.org
Tue Apr 8 00:05:58 UTC 2008
On Mon, Apr 07, 2008 at 07:17:29PM -0400, Elliott Perrin wrote:
> On Mon, 2008-04-07 at 16:07 -0700, Jeremy Chadwick wrote:
> > On Mon, Apr 07, 2008 at 11:02:33PM +0100, Torsten @ CNC-LONDON wrote:
> > > I'm running FreeBSD stable6.2 on all my servers and in the past one year I
> > > noticed a random disconnection of persistent sessions to and from servers
> > > which are running PF as the firewall
> >
> > The big problem with your rules looks to be how you're determining SYN,
> > and how you're using keep state.
> >
> > Below are some comments.
> >
> > > SYN_ONLY="S/FSRA"
> >
> > This is very, very wrong, and probably the cause of your issues. This
> > should be S/SA.
>
> That is not very very wrong.
>
> Any TCP session starting up should only have the SYN flag set out of SYN
> FIN ACK RST. As a matter of fact this is in theory a more secure setting
> than S/SA (SYN out of SYN ACK).
You're correct, and it was I who was very wrong. :-) Thank you for
correcting me.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
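
The two flag specifications debated above, worked through as an added example that is not part of the original thread: pf's `flags a/b` matches a TCP packet when, of the flags listed in b, exactly those in a are set, and flags outside b are ignored. The helper names are hypothetical, and the enumeration covers only the F, S, R and A bits.

```python
from itertools import combinations

# TCP header flag bits (RFC 793, plus ECE/CWR), keyed by pf.conf letters.
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def parse_flags(letters):
    """Turn a string of flag letters such as 'FSRA' into a bitmask."""
    bits = 0
    for ch in letters.upper():
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits


def parse_spec(spec):
    """Parse a 'check/mask' specification as written in pf.conf, e.g. 'S/SA'."""
    check, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected check/mask, got {spec!r}")
    check_bits, mask_bits = parse_flags(check), parse_flags(mask)
    if check_bits & ~mask_bits:
        raise ValueError("every flag to check must also appear in the mask")
    return check_bits, mask_bits


def matches(spec, packet_flags):
    """True if a packet with these flags set satisfies 'flags <spec>'."""
    check_bits, mask_bits = parse_spec(spec)
    return (parse_flags(packet_flags) & mask_bits) == check_bits


def only_first_matches(spec_a, spec_b, letters="FSRA"):
    """Flag combinations over `letters` that spec_a accepts and spec_b rejects."""
    found = []
    for n in range(len(letters) + 1):
        for combo in combinations(letters, n):
            flags = "".join(combo)
            if matches(spec_a, flags) and not matches(spec_b, flags):
                found.append(flags)
    return found


if __name__ == "__main__":
    print("S/SA accepts, S/FSRA rejects:", only_first_matches("S/SA", "S/FSRA"))
    print("S/FSRA accepts, S/SA rejects:", only_first_matches("S/FSRA", "S/SA"))
```

Every packet S/FSRA accepts is also accepted by S/SA; the difference is the SYN+FIN, SYN+RST and SYN+FIN+RST combinations, which S/SA accepts and S/FSRA rejects.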