From owner-freebsd-questions@FreeBSD.ORG  Sun Jul 30 21:26:46 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8509016A4DE
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Jul 2006 21:26:46 +0000 (UTC)
	(envelope-from dwc@stilyagin.com)
Received: from puffy.asicommunications.com (puffy.asicommunications.com
	[216.9.200.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A20E43D64
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Jul 2006 21:26:38 +0000 (GMT)
	(envelope-from dwc@stilyagin.com)
Received: from jeeves.stilyagin.local (63-230-205-170.phnx.qwest.net
	[63.230.205.170])
	by puffy.asicommunications.com (8.13.4/8.13.3) with ESMTP id
	k6ULQaMa006465
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Sun, 30 Jul 2006 14:26:37 -0700 (MST)
Received: (from dwc@localhost)
	by jeeves.stilyagin.local (8.13.4/8.13.4/Submit) id k6ULQUsF019658;
	Sun, 30 Jul 2006 14:26:30 -0700 (MST)
Date: Sun, 30 Jul 2006 14:26:30 -0700
From: Darrin Chandler <dwchandler@stilyagin.com>
To: Ivan Levchenko <levchenko.i@gmail.com>
Message-ID: <20060730212630.GC3123@jeeves.stilyagin.local>
References: <e39dd5bb0607301353y1fd79e6by7d2af3307bc02c40@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <e39dd5bb0607301353y1fd79e6by7d2af3307bc02c40@mail.gmail.com>
User-Agent: Mutt/1.4.2i
Cc: freebsd-questions@freebsd.org
Subject: Re: pf states
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Jul 2006 21:26:46 -0000

On Sun, Jul 30, 2006 at 08:53:48PM +0000, Ivan Levchenko wrote:
> 
> Have a little question to which google didn't help a lot.
> 
> I have pf firewall working great. i installed pftop to see whats going
> on in real time. I see some state meanings that i would like to know
> more about, for example no_traffic.
> 
> I looked in the man pages and what not, but could not find what i was
> looking for.

Pftop assumes you have some knowledge of pf. Pf assumes you have some
knowledge of networking. I think you are right that there's nowhere that
really explains what these states are in realtion to pf.

The STATE column in pftop (or "pfctl -s state") has two sides, one for
each endpoint. The state SINGLE:NO_TRAFFIC is something I see a lot
using symon/symux, where a udp datagram is sent and there is no reply
(it's merely accepted). You will also see a lot of
ESTABLISHED:ESTABLISHED and FIN_WAIT_2:FIN_WAIT_2 states. Most of these
are not really specific to pf, and will be documented in various
references online and in books. Most of the states you will see have to
do with TCP connections being build, or as established, or being torn
down. Google for Transmission Control Protocol and you should find what
you're looking for (and WAY more).

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |