PF in FreeBSD 10.0 Blocking Some SSH
Jason Hellenthal
jhellenthal at dataix.net
Tue Jan 28 03:48:30 UTC 2014
Interesting I'll see if I can plug away with this and produce something similar to that using your rules once I can get past this kernel problem I have . . . ;-) definately a point release
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
> On Jan 27, 2014, at 22:26, Robert Simmons <rsimmons0 at gmail.com> wrote:
>
> On Mon, Jan 27, 2014 at 4:06 PM, Jason Hellenthal
> <jhellenthal at dataix.net> wrote:
>>
>> I've seen similar things happen on SSH, that were due to a combination of
>> "scrub"ing and states expiring. Turning off scrub rules on SSH specifically
>> cured the scenario for me but I don't see an indication of whether or not
>> you are using that.
>
> I am not using any scrubbing rules.
>
>> You could also verify the states dropping by changing the optimization to
>> conservative.
>
> The problem does not seem to be happening today, so I will try this
> when it happens again:
> set optimization conservative
>
> However, the problem does not interrupt my ssh session with the
> server, so I don't think that its dropping an idle connection. It
> looks just to be blocking some packets involved with a connection.
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6118 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20140127/9ef88309/attachment.bin>
More information about the freebsd-pf
mailing list