SSH Session disconnecting with pf

Elliott Perrin elliott at c7.ca
Tue Apr 8 02:50:48 UTC 2008


On Mon, 2008-04-07 at 17:05 -0700, Jeremy Chadwick wrote:
> On Mon, Apr 07, 2008 at 07:17:29PM -0400, Elliott Perrin wrote:
> > On Mon, 2008-04-07 at 16:07 -0700, Jeremy Chadwick wrote:
> > > On Mon, Apr 07, 2008 at 11:02:33PM +0100, Torsten @ CNC-LONDON wrote:
> > > > I'm running FreeBSD stable6.2 on all my servers and in the past one year I
> > > > noticed a random disconnection of persistent sessions to and from servers
> > > > with  is running as PF the firewall
> > > 
> > > The big problem with your rules looks to be how you're determining SYN,
> > > and how you're using keep state.
> > > 
> > > Below are some comments.
> > > 
> > > >         SYN_ONLY="S/FSRA"
> > > 
> > > This is very, very wrong, and probably the cause of your issues.  This
> > > should be S/SA.
> > 
> > That is not very very wrong. 
> > 
> > Any TCP session starting up should only have the SYN flag set out of SYN
> > FIN ACK RST. As a matter of fact this is in theory a more secure setting
> > than S/SA (SYN out of SYN ACK). 
> 
> You're correct, and it was I who was very wrong.  :-)  Thank you for
> correcting me.

No apology necessary... especially with all the help you provide to
people on the list. 

Cheers,
~e
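
Added illustration, not part of the original message: a small Python model of pf's "flags a/b" test as described in pf.conf(5), run over constructed TCP flag combinations to show where S/SA and S/FSRA differ. The function names and the sample packets are assumptions made for this example.

```python
# Model of pf's "flags <set>/<mask>" match: out of the flags named in <mask>,
# exactly the flags named in <set> must be on; flags outside <mask> are ignored.
PF_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
            "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def bits(letters):
    """Turn pf flag letters such as 'SA' into a TCP flag bitmask."""
    value = 0
    for ch in letters:
        if ch not in PF_FLAGS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        value |= PF_FLAGS[ch]
    return value

def parse_spec(spec):
    """Parse 'S/SA' into (set_bits, mask_bits). The mask is required here."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected <set>/<mask>, got %r" % spec)
    want_bits, mask_bits = bits(want), bits(mask)
    if want_bits & ~mask_bits:
        # A flag required to be set but not inspected can never match.
        raise ValueError("set flags must also appear in the mask: %r" % spec)
    return want_bits, mask_bits

def matches(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies the flags spec."""
    want, mask = parse_spec(spec)
    return (bits(packet_flags) & mask) == want

def compare(specs, packets):
    """Map each packet's flag string to {spec: matched?}."""
    return {p: {s: matches(s, p) for s in specs} for p in packets}

# Constructed sample packets: a plain SYN, SYN+PSH, SYN+ACK, two malformed
# SYN combinations (SYN+FIN, SYN+RST), a bare ACK, and SYN+FIN+RST+ACK.
SAMPLES = ["S", "SP", "SA", "SF", "SR", "A", "SFRA"]

if __name__ == "__main__":
    specs = ["S/SA", "S/FSRA"]
    table = compare(specs, SAMPLES)
    print("%-6s %-6s %-6s" % ("flags", specs[0], specs[1]))
    for pkt in SAMPLES:
        row = table[pkt]
        print("%-6s %-6s %-6s" % (pkt, row[specs[0]], row[specs[1]]))
```

The two specs agree on a plain SYN and on SYN+ACK; they differ only on SYN+FIN and SYN+RST, which S/SA accepts as session-opening packets and S/FSRA does not.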



More information about the freebsd-pf mailing list