The following reply was made to PR kern/127439; it has been noted by GNATS.
From: Christian Peron <[EMAIL PROTECTED]> To: Geoffrey Mainland <[EMAIL PROTECTED]> Cc: Christian Peron <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: kern/127439: deadlock in pf Date: Wed, 17 Sep 2008 11:47:13 -0500 On Wed, Sep 17, 2008 at 12:21:15PM -0400, Geoffrey Mainland wrote: [..] > > # FTP > pass in on $ext_if inet proto tcp from any to $ext_nat \ > user proxy flags S/SA modulate state > What happens if you get rid of the "user proxy" constraint? We have had problems with these rules in the past. The truth is, they don't really work correctly anyway. But it would be interesting to see if removing the "user proxy" constraint and replacing it with a port or range removes the dead lock. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
