why BAD state messages

Jeremy Chadwick koitsu at FreeBSD.org
Fri Aug 15 17:30:46 UTC 2008


On Fri, Aug 15, 2008 at 01:26:31PM -0300, Alexandre Biancalana wrote:
> Looking the logs I made some math on each state
> 
>  9:9      6174 times
>  4:4      3283 times
>  4:9      2611 times
> 10:10   1382 times
>  2:0        878 times
>  9:4        520 times

pfctl -s info will show a total counter for this (and some other
oddities, but the majority are probably for what Max has described
above), called state-mismatch.

> How can I give a larger range for outgoing conections if the clients
> connect directly to the servers ? In this case I don't have any rdr
> rule.

Clients connecting ***to*** the FreeBSD server would be considered an
incoming connection, not an outgoing one.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |



More information about the freebsd-pf mailing list