pf block question
Matt Rechkemmer
tiberius at trancell.org
Thu Jun 9 20:49:49 GMT 2005
On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
>
> If you add "quick" to the `block from <badhosts>' rule, packets from
> these hosts will immediately be dropped -- which is what you probably
> want to do, if I have understood what you wrote so far.
>
> - Giorgos
OK, I've added quick to the rule (surprised I forgot it there). Here's the
new rule: block drop quick on fxp0 from <badhosts> to any. Now, when I send
ICMP packets to that host (for testing), I *still* get them back but with an
extreme amount of loss. If I comment the rule, the loss disappears.
I'm at a loss as to why the traffic still isn't dropped.
--
Matt Rechkemmer
tiberius at trancell.org
More information about the freebsd-questions
mailing list