Date: Thu, 2 Dec 2004 23:21:01 +0100
From: Clément MOULIN <cmoulin@simplerezo.com>
To: <yongari@kt-is.co.kr>
Cc: freebsd-pf@freebsd.org
Subject: RE: FreeBSD bridge + filtering, BIG problem
Message-ID: <20041202222131.6483843D46@mx1.FreeBSD.org>
In-Reply-To: <20041202032557.GB12155@kt-is.co.kr>

Pyun YongHyeon wrote:
>Are you sure you can see *states* with "pfctl -ss"?
>Both pf/ipf can't create states since it couldn't see ANY outbound
>packets in bridge environments. In jail(fw01), you can see states
>since packets go through L3 hook points.

Yes I do (with pf):

$ pfctl -ss
No ALTQ support in kernel
ALTQ related functions disabled
self tcp ...:3556 <- ...:80 CLOSED:SYN_SENT
self tcp ...:3557 <- ...:80 CLOSED:SYN_SENT
self tcp ...:2970 <- ...:80 CLOSED:SYN_SENT
self tcp ...:80 <- ...:3556 ESTABLISHED:ESTABLISHED
self tcp ...:80 <- ...:3557 ESTABLISHED:ESTABLISHED
self tcp ...:80 <- ...:2970 ESTABLISHED:ESTABLISHED
self tcp ...:80 -> ...:3559 ESTABLISHED:FIN_WAIT_2
self tcp ...:80 -> ...:3565 ESTABLISHED:FIN_WAIT_2
self udp ...:64715 -> ...:53 MULTIPLE:SINGLE
self udp ...:53 <- ...:64715 NO_TRAFFIC:SINGLE

(I have removed IP from output)

-- 
Clement Moulin