Date: Mon, 27 Jan 2014 22:26:15 -0500 From: Robert Simmons <rsimmons0@gmail.com> To: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: PF in FreeBSD 10.0 Blocking Some SSH Message-ID: <CA%2BQLa9BhbNKAFS7Y5wj6FJ=S4Mod9hg53jULu8LGgmzp_kZ7mw@mail.gmail.com> In-Reply-To: <FA54EBD0-E7F1-43CF-A62D-4D13F5C38383@dataix.net> References: <CA%2BQLa9D97WytnE2Yiy6VFXDrhcgLcpPGf2zB16urjf2Ms%2BrzFg@mail.gmail.com> <20140127192048.GS66160@FreeBSD.org> <FA54EBD0-E7F1-43CF-A62D-4D13F5C38383@dataix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 27, 2014 at 4:06 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote: > > I've seen similar things happen on SSH, that were due to a combination of > "scrub"ing and states expiring. Turning off scrub rules on SSH specifically > cured the scenario for me but I don't see an indication of whether or not > you are using that. I am not using any scrubbing rules. > You could also verify the states dropping by changing the optimization to > conservative. The problem does not seem to be happening today, so I will try this when it happens again: set optimization conservative However, the problem does not interrupt my ssh session with the server, so I don't think that its dropping an idle connection. It looks just to be blocking some packets involved with a connection.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9BhbNKAFS7Y5wj6FJ=S4Mod9hg53jULu8LGgmzp_kZ7mw>