From owner-freebsd-pf@FreeBSD.ORG Thu Jul 5 18:10:17 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5AF3516A468 for ; Thu, 5 Jul 2007 18:10:17 +0000 (UTC) (envelope-from llevier@argosnet.com) Received: from mx.levier.org (ns.argosnet.com [213.251.139.26]) by mx1.freebsd.org (Postfix) with ESMTP id 1FC1813C46E for ; Thu, 5 Jul 2007 18:10:16 +0000 (UTC) (envelope-from llevier@argosnet.com) Received: from localhost (ns [213.251.139.26]) by mx.levier.org (Postfix) with ESMTP id C16EA267EA4; Thu, 5 Jul 2007 20:10:17 +0200 (CEST) X-Virus-Scanned: amavisd-new at argosnet.com Received: from mx.levier.org ([213.251.139.26]) by localhost (ns.levier.org [213.251.139.26]) (amavisd-new, port 10024) with ESMTP id RMVcViHh5EhM; Thu, 5 Jul 2007 20:08:13 +0200 (CEST) Received: from wm.argosnet.com (ns [213.251.139.26]) by mx.levier.org (Postfix) with ESMTP id 6B523267FE8; Thu, 5 Jul 2007 17:17:45 +0200 (CEST) Received: from 57.250.229.136 (SquirrelMail authenticated user llevier) by wm.argosnet.com with HTTP; Thu, 5 Jul 2007 17:17:45 +0200 (CEST) Message-ID: <46706.57.250.229.136.1183648665.squirrel@wm.argosnet.com> In-Reply-To: <20070705144155.GA3490@verio.net> References: <20070705062546.BF688267E13@mx.levier.org> <20070705144155.GA3490@verio.net> Date: Thu, 5 Jul 2007 17:17:45 +0200 (CEST) From: "Laurent LEVIER" To: "David DeSimone" User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-pf@freebsd.org Subject: Re: Issue with PF on FreeBSD 6.2.5? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jul 2007 18:10:17 -0000 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > PF always examines its state table before evaluating rules, so once a > state entry is created you must clear it in order to stop communications > on that open connection. > > See pfctl(1) specifically -k option: > > -k host > > Kill all of the state entries originating from the specified > host. A second -k host option may be specified, which will kill > all the state entries from the first host to the second host. > For example, to kill all of the state entries originating from > host: > > # pfctl -k > > To kill all of the state entries from host1 to host2: > > # pfctl -k -k > Hi David, Thanks for your input. However, I tested this and it did not helped :-( Brgrds