Date:      Fri, 14 Mar 2008 10:02:36 +0100 (CET)
From:      "Remko Lodder" <remko@elvandar.org>
To:        "Laurent Frigault" <lfrigault@agneau.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: kern/121668: connect randomly fails with EPERM with some pf  rules
Message-ID:  <32006.194.74.82.3.1205485356.squirrel@galain.elvandar.org>
In-Reply-To: <200803132330.m2DNU3iG042764@freefall.freebsd.org>
References:  <200803132330.m2DNU3iG042764@freefall.freebsd.org>


>  It does not seem possible to set tcp.closed to 0 on a per rule basis :
>  This is accepted :
>  pass out quick on lo0 proto tcp from any to any port 9 flags S/SA keep
> state ( tcp.closing 30 , tcp.closed 0 )
>
>  But pfctl -srules -vvv prints :
>  @0 pass out quick on lo0 proto tcp from any to any port = discard flags
>  S/SA keep state (tcp.closing 30)
>    [ Evaluations: 1         Packets: 0         Bytes: 0           States:
> 0     ]
>    [ Inserted: uid 0 pid 51151 ]
>
>  the tcp.closed seems to be ignored
>
>  It works with tcp.closed set to 1
>

Why are you filtering on your local IP stack anyway? Filtering on lo0 is
not that common, or at least from my point of view not used often, and
presents problems all the way.

Just a random reply to something I feel -strange-.

Thanks,
remko

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News




