> Everything above mentioned works perfectly, the issue starts when we
> have to delete one IP from the load balance table. For example, if
> 10.0.0.2 server is down, I need to take it out of the balancing table:
>
> pfctl -t lb -T del 10.0.0.2
>
> In this case, technically load balancing will be kept only among the IPs
> 10.0.0.1 and 10.0.0.3, which are the only ones that still exist in the
> <lb> table. But the problem is, even when the just deleted 10.0.0.2
> server is not on <lb> anymore, clients' requests/states which were in
> "Source" before and that pointed to 10.0.0.2 will still be there, and
> therefore redirections to 10.0.0.2 will continue to happen until
> src.track expires (30 minutes in the mentioned situation), or when I do
> "pfctl -F Source". But if I do the second approach, I will flush all my
> references and sessions for this and all other source-tracks data in my
> firewall.

from pfctl(8):

             A network prefix length of 0 can be used as a wildcard.  To kill
             all states with the target ``host2'':

             # pfctl -k 0.0.0.0/0 -k host2

so why don't you kill all states to the dead pool member right after removing
it from the <lb> table?
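The two-step sequence suggested here (drop the member from the <lb> table, then kill every state whose target is that member), as an added example script that is not from the original thread. It assumes the table is named lb as in the quoted setup; the PFCTL and TABLE variables are this script's own convention, and setting PFCTL=echo gives a dry run that only prints the pfctl invocations.

```sh
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# PFCTL and TABLE are this script's own knobs (assumed names):
#   PFCTL=echo ./drain.sh 10.0.0.2   -> dry run, prints the pfctl commands
#   ./drain.sh 10.0.0.2              -> really removes the member and kills its states
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-lb}"

# Return 0 if $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # exactly four dot-separated fields, each 0..255
    n=0
    old_ifs="$IFS"; IFS=.
    for octet in $1; do
        n=$((n + 1))
        [ "$octet" -le 255 ] 2>/dev/null || { IFS="$old_ifs"; return 1; }
    done
    IFS="$old_ifs"
    [ "$n" -eq 4 ]
}

# Remove a dead pool member from the table, then kill all states that still
# point at it (0.0.0.0/0 as the source wildcard, per pfctl(8)).  States to the
# remaining members and all other source-tracking data are left untouched,
# unlike "pfctl -F Source".
drain_member() {
    ip="$1"
    if ! is_ipv4 "$ip"; then
        echo "drain_member: not an IPv4 address: '$ip'" >&2
        return 1
    fi
    "$PFCTL" -t "$TABLE" -T del "$ip" || return 1
    "$PFCTL" -k 0.0.0.0/0 -k "$ip"
}

# Only act when an address is given on the command line, so the file can be
# sourced to reuse the functions without side effects.
if [ "$#" -gt 0 ]; then
    for member in "$@"; do
        drain_member "$member" || exit 1
    done
fi
```

Because -k matches on the state's target address, states whose sticky-address decision already landed on the removed member are torn down immediately instead of lingering for the full src.track timeout; the next packet from those clients is balanced over whatever is still in the table.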
