Date:      Fri, 10 Jun 2005 21:33:50 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Matt Rechkemmer <tiberius@trancell.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pf block question
Message-ID:  <20050610183349.GA21866@orion.daedalusnetworks.priv>
In-Reply-To: <20050609204814.GA11510@sdf.lonestar.org>
References:  <20050607064323.GA29038@sdf.lonestar.org> <20050607105030.GA44218@orion.daedalusnetworks.priv> <20050609101805.GA11341@sdf.lonestar.org> <20050609105116.GA87877@orion.daedalusnetworks.priv> <20050609204814.GA11510@sdf.lonestar.org>

On 2005-06-09 13:48, Matt Rechkemmer <tiberius@trancell.org> wrote:
> On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
> >
> > If you add "quick" to the `block from <badhosts>' rule, packets from
> > these hosts will immediately be dropped -- which is what you probably
> > want to do, if I have understood what you wrote so far.
>
> OK, I've added quick to the rule (surprised I forgot it there).  Here's the
> new rule: block drop quick on fxp0 from <badhosts> to any.  Now, when I send
> ICMP packets to that host (for testing), I *still* get them back but with an
> extreme amount of loss.  If I comment the rule, the loss disappears.
>
> I'm at a loss as to why the traffic still isn't dropped.

Existing icmp states?

Did you reload the rules with:

	/etc/rc.d/pf reload

or by directly running pfctl?
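An added example, not part of the thread, of the check Giorgos is hinting at: pf looks up the state table before it evaluates rules, so a state created before the `block drop quick on fxp0 from <badhosts> to any` rule was loaded keeps passing packets until it expires or is killed. The script counts state entries involving addresses from the table against constructed sample output; the interface and table names are the thread's, the `pfctl` invocations are standard, and the state line format is approximate (IPv4 only).

```shell
#!/bin/sh
# Added example, not from the thread: find pf state entries that still match
# hosts in the <badhosts> table after a rule reload. pf checks the state table
# before it walks the ruleset, so a state created before the block rule was
# loaded keeps passing packets. Interface and table names are from the thread;
# the sample data below is constructed (state line format approximate, IPv4).

SAMPLE_STATES='fxp0 icmp 192.0.2.10:8 -> 192.0.2.1:8               0:0
fxp0 tcp 198.51.100.7:22 <- 192.0.2.10:40512       ESTABLISHED:ESTABLISHED
fxp0 tcp 203.0.113.5:80 <- 198.51.100.9:3311       ESTABLISHED:ESTABLISHED
fxp0 udp 198.51.100.7:53 <- 198.51.100.20:1025     MULTIPLE:SINGLE'

# Constructed stand-in for the output of `pfctl -t badhosts -T show`.
BADHOSTS='   192.0.2.10
   203.0.113.5'

# count_bad_states STATES HOSTS: print how many state lines involve any host.
count_bad_states() {
    printf '%s\n' "$1" | awk -v hosts="$2" '
        BEGIN {
            n = split(hosts, h, "\n")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", h[i])   # trim pfctl indentation
                if (h[i] != "") bad[h[i]] = 1
            }
        }
        {
            for (i = 1; i <= NF; i++) {
                split($i, a, ":")                  # drop the :port suffix
                if (a[1] in bad) { c++; next }
            }
        }
        END { print c + 0 }'
}

# On the firewall itself: reload the ruleset, then report leftover states.
live_check() {
    command -v pfctl >/dev/null 2>&1 || return 0
    pfctl -f /etc/pf.conf                        # rules change, states do not
    count_bad_states "$(pfctl -s states)" "$(pfctl -t badhosts -T show)"
}

# To clear such states:  pfctl -k 192.0.2.10   (states from that host)
#                        pfctl -F states       (flush every state)
```

A non-zero count after the reload means the block rule is fine and the surviving states explain why some replies still come back.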
