pf randomly blocks specific packets?

Jeremy Chadwick koitsu at FreeBSD.org
Tue Jul 29 11:33:28 UTC 2008


On Tue, Jul 29, 2008 at 11:52:24AM +0200, Peter Wullinger wrote:
> Nejc ?koberne wrote:
>> pass in quick on $int_Trust from $addr_sysSvarun to any keep state
> Note: You can remove "keep state". This is implicit for newer version of pf.
>> pass quick on $int_Loop all
>> pass quick on $int_Jails all
> Note: These keep state, see above. You might want to add "no state" here,
> to decrease state table usage.

Or better use, use "set skip on $int_Loop $int_Jails", and avoid having
pf process any of them.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |



More information about the freebsd-pf mailing list