Date: Tue, 15 Nov 2005 21:10:45 +0100 From: dick hoogendijk <dick@nagual.st> To: fbsdq <freebsd-questions@freebsd.org> Subject: pf synproxy state Message-ID: <20051115211045.ecf4e043.dick@nagual.st>
next in thread | raw e-mail | index | archive | help
I have a pf.conf rule: pass in on $ext_if proto tcp from any to $server port 80 \ flags S/SA synproxy state It should be safer for the webserver (so they say).. But after a few hours of no connection I began to wonder and changed the "synproxy state" back to "keep state" (things started to work again). I googled and found msgs about a non working synproxy on 5.x, but 6.0 should work (they say). Has anybody some experience in this matter? Does synproxy work? Do I do something wrong? (overlooked something)? -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 6.0 ++ The Power to Serve + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051115211045.ecf4e043.dick>