Date: Thu, 14 Mar 2002 12:39:54 -0500 From: "Dan Langille" <dan@langille.org> To: Chris Johnson <cjohnson@palomine.net> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ipfilter keep state broken? Message-ID: <20020314173954.E80F93F0E@bast.unixathome.org> In-Reply-To: <20020314123038.B43330@palomine.net> References: <20020314172627.DEF953F0E@bast.unixathome.org>; from dan@langille.org on Thu, Mar 14, 2002 at 12:26:27PM -0500
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Mar 2002 at 12:30, Chris Johnson wrote: > On Thu, Mar 14, 2002 at 12:26:27PM -0500, Dan Langille wrote: > > > After doing an ipf -FS to clear the state table, everything was still > > working fine. Then I reinstated my keep state rules and things went back > > to normal. > > > > Any suggestions to avoid this problem in future? Thanks. > > Do all of the "pass...proto tcp...keep state" lines in your rules file include > "flags S"? I recently had a similar problem caused by my leaving out flags S on > a tcp keep state rule. It's mixed. Some don't have flags, some have "flags S keep state" and other have "flags S/SA keep state". -- Dan Langille The FreeBSD Diary - http://freebsddiary.org/ - practical examples To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020314173954.E80F93F0E>