Date: Thu, 5 Jul 2007 09:41:55 -0500
From: David DeSimone <fox@verio.net>
To: freebsd-pf@freebsd.org
Subject: Re: Issue with PF on FreeBSD 6.2.5?
Message-ID: <20070705144155.GA3490@verio.net>
In-Reply-To: <20070705062546.BF688267E13@mx.levier.org>
References: <20070705062546.BF688267E13@mx.levier.org>
Laurent LEVIER <llevier@argosnet.com> wrote:
>
> The problem I have is:
> - When the public_granted table is updated with a new IP address, pf
> lets the user pass through.
> - But when I delete this @IP from the table, pf keeps allowing the
> user to pass through.
PF always examines its state table before evaluating rules, so once a
state entry is created you must clear it in order to stop communications
on that open connection.

See pfctl(1), specifically the -k option:

     -k host
             Kill all of the state entries originating from the specified
             host.  A second -k host option may be specified, which will kill
             all the state entries from the first host to the second host.
             For example, to kill all of the state entries originating from
             host:

                   # pfctl -k <host>

             To kill all of the state entries from host1 to host2:

                   # pfctl -k <host1> -k <host2>

- --
David DeSimone == Network Admin == fox@verio.net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous. -- Robert Benchley
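The revocation sequence this reply implies, as an added example that is not part of the original message: delete the address from the table first, kill its states with the -k form quoted above, then check `pfctl -ss` for leftovers. The function names, the IPv4-only restriction and the `addr:port` layout of state lines are assumptions; `public_granted` is the table from the thread.

```sh
#!/bin/sh
# Added example: revoke a host from a pf table and end its existing sessions.
# Needs root on a pf host. Function names are hypothetical; 192.0.2.10 is a
# documentation address, not a value from the thread.

is_ipv4() {
    # Dotted-quad only, so a value starting with "-" can never reach pfctl
    # as an option.
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

count_states() {
    # Count "pfctl -ss" lines where $1 is an endpoint. The address part is
    # compared exactly, so 192.0.2.10 does not also count 192.0.2.100.
    # Assumes endpoints print as addr:port, optionally in parentheses.
    pfctl -ss | awk -v ip="$1" '
        { for (i = 1; i <= NF; i++) {
              a = $i; gsub(/[()]/, "", a); sub(/:[0-9]+$/, "", a)
              if (a == ip) { n++; break } } }
        END { print n + 0 }'
}

revoke_host() {
    table=$1 ip=$2
    is_ipv4 "$ip" || { echo "refusing non-IPv4 argument: $ip" >&2; return 2; }
    # 1. Table first: once the address is gone, the rule that references the
    #    table can no longer create a new state for it.
    pfctl -t "$table" -T delete "$ip" || return 1
    # 2. Then kill the states the host already originated, which would
    #    otherwise keep matching before any rule is evaluated.
    pfctl -k "$ip" || return 1
    # 3. Verify. "-k host" only covers states originating from the host, so
    #    anything left here was opened towards it by another peer.
    left=$(count_states "$ip")
    [ "$left" -eq 0 ] && return 0
    echo "$left state(s) still reference $ip (not originated by it)" >&2
    return 3
}

# Usage, after sourcing this file as root:
#   revoke_host public_granted 192.0.2.10
```

Doing the two steps in the opposite order leaves a window in which the host, still in the table, can open a fresh connection after its states were killed.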
