Date: Sun, 03 Jun 2007 09:33:00 +0400 From: =?koi8-r?Q?=E1=CC=C5=CB=D3=C1=CE=C4=D2_=C2=D9=DA=CF=D7?= <sash-b@mail.ru> To: freebsd-pf@freebsd.org Cc: bal@lenta.ru Subject: pfctl -k Not functioning! Message-ID: <E1Huii4-0004AW-00.sash-b-mail-ru@f76.mail.ru>
next in thread | raw e-mail | index | archive | help
Hello, I run FreeBSD 6.2, FreeBSD 6.1 on the same result.
When I run pfctl-k target_ip I expect that will be killed every state with target_ip, but killed only if target_ip a source.
The source address is located on the left in the withdrawal pfctl -ss rather than one who is the arrow.
Example :
FreeBSD-GW# pfctl -ss
self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80 ESTABLISHED:ESTABLISHED
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 192.168.17.238
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 64.233.183.147
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW#
Task would be solved if we can kill all the states where destination is target_ip .
For example in OpenBSD running command :
#pfctl -k 0.0.0.0/0 -k 192.168.2.238
but my computer has responded:
pfctl: getaddrinfo: hostname nor servname provided, or not known
Hope for your help in solving this problem.
--
Sorry for my English!
Sincerely,
Byzov Alexander mailto : sash-b@mail.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Huii4-0004AW-00.sash-b-mail-ru>