On Thu, 26 Feb 2015 12:11:34 -0500
"Ted Unangst" <t...@tedunangst.com> wrote:
> D'Arcy J.M. Cain wrote:
> > So why would packets continue to come in for 2.5 hours? My guess is
> > that the hacker is keeping the connection open and attacking over it
> > for 2.5 hours. Does the packet filter not apply to existing
> > connections? Is there some way to change that behaviour?
>
> Yes, that's how stateful firewalls work. Existing states don't
> evaluate the ruleset. You probably want to look into pfctl -k.

I set no state on all UDP rules which is what this one is. What does -k do?
NetBSD's pf doesn't seem to have it.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net