Solaris x86 kernel Generic_108529-15, IP Filter 3.4.29 built with gcc 2.95.3 from Solaris Software Companion...
Whenever I run modinfo (as any user) on the Solaris host, some or all existing TCP connections through the firewall are reset. Connections made to the firewall itself are not reset, or at least some of them aren't. Unfortunately, this is detrimental enough that I don't want to do a lot of testing on it. But weirdly, the state and NAT entries for the old connections don't appear to be exterminated. It's as if IPF decided to send TCP reset packets out. I am using return-rst in some areas. I built IP Filter against the kernel I'm running, so it isn't any kernel/IPF sync problem. Anyway, I don't expect a diagnosis of the problem, but I'm curious whether anyone has else seen this problem. -- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
