Date: Thu, 5 Jul 2007 09:41:55 -0500
From: David DeSimone <fox@verio.net>
To: freebsd-pf@freebsd.org
Subject: Re: Issue with PF on FreeBSD 6.2.5?
Message-ID: <20070705144155.GA3490@verio.net>
In-Reply-To: <20070705062546.BF688267E13@mx.levier.org>
References: <20070705062546.BF688267E13@mx.levier.org>

Laurent LEVIER <llevier@argosnet.com> wrote:
>
> The problem I have is:
> - When the public_granted table is updated with a new IP address, pf
>   let the user pass through.
> - But when I delete this @IP from the table, pf keeps allowing the
>   user to pass through.

PF always examines its state table before evaluating rules, so once a
state entry is created you must clear it in order to stop communications
on that open connection.

See pfctl(1) specifically -k option:

     -k host
             Kill all of the state entries originating from the specified
             host.  A second -k host option may be specified, which will
             kill all the state entries from the first host to the second
             host.  For example, to kill all of the state entries
             originating from host:

                   # pfctl -k <host>

             To kill all of the state entries from host1 to host2:

                   # pfctl -k <host1> -k <host2>

-- 
David DeSimone == Network Admin == fox@verio.net
  "It took me fifteen years to discover that I had no talent for
   writing, but I couldn't give it up because by that time I was
   too famous."  --  Robert Benchley
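
The revocation sequence described in the reply above, as an added example that is not part of the original message: a POSIX sh helper that removes an address from the table first, then kills its existing states in both directions. The function names, the PFCTL and TABLE variables and the IPv4-only check are assumptions of this sketch; `public_granted` is the table named in the thread, and `0.0.0.0/0` is used as the "any host" source in the two-argument `-k` form.

```sh
#!/bin/sh
# Added example: revoke a host from a pf table AND drop its existing states.
# PFCTL and TABLE are overridable (assumed names); the default table is the
# one mentioned in the thread.
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-public_granted}"

# Accept only a plain dotted-quad IPv4 address, so nothing else reaches pfctl.
# (IPv6 and CIDR ranges are deliberately out of scope for this sketch.)
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

revoke_host() {
    ip="$1"
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 2; }
    rc=0

    # 1. Remove the address from the table first, so that no NEW state can be
    #    created for it while the old ones are being killed.
    "$PFCTL" -t "$TABLE" -T delete "$ip" || rc=1

    # 2. Kill states originating from the host (the single -k form).
    "$PFCTL" -k "$ip" || rc=1

    # 3. Kill states from any source to the host (the two-argument -k form).
    "$PFCTL" -k 0.0.0.0/0 -k "$ip" || rc=1

    # All three steps always run; a failure in any of them is reported.
    return "$rc"
}
```

Running `pfctl -s state` afterwards and searching for the address confirms that no entries for it remain.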