* Henrik Johansen <[EMAIL PROTECTED]> [2008-01-02 13:32]:
> Hi list,
>
> We had an ICMP flood against one of our servers this weekend
> and I noticed something strange.
>
> Whenever I ran '/sbin/pfctl -Fr -f /etc/pf.conf' ICMP packets started
> to slip through for a second and a couple of states related to those
> ICMP packets were created.
>
> The only time ICMP packets got through the firewall was when I reloaded
> the ruleset.
> The box in question is running OpenBSD 4.1-STABLE and
> the ruleset in question is using a "default deny" policy.
> Is that expected behaviour?
when you're using -Fr, yes. you should not do so. ruleset reload is atomic when you leave the manual flush out.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
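The point of the reply, shown as an added example that is not part of the thread: `pfctl -Fr` flushes the loaded rules first, and with no rules loaded pf passes everything, which is the brief window in which Henrik's ICMP got through. Loading with plain `pfctl -f` builds the new ruleset in an inactive slot and swaps it in one step, so a default-deny policy never lapses. The helper names (`pf_reload_cmd_is_safe`, `pf_check_syntax`, `reload_pf`) and the small pf.conf fragment are this example's own assumptions; the script only syntax-checks that fragment and loads nothing, and it degrades gracefully on a host without pfctl.

```shell
#!/bin/sh
# Added example; not code from the thread. Shows the reload form that keeps
# the ruleset swap atomic (plain -f, no -F flush) next to a small guard that
# rejects a reload command carrying a manual flush. The helper names and the
# pf.conf fragment are this example's own assumptions.

# Return 0 when a pfctl command line contains no manual flush (-F, -Fr,
# -Fa, ...). A flush empties the ruleset before the new one is loaded, and
# an empty ruleset passes everything, which is the window the thread describes.
pf_reload_cmd_is_safe() {
    for arg in $1; do
        case "$arg" in
            -F*) return 1 ;;
        esac
    done
    return 0
}

# Syntax-check a candidate pf.conf without loading it (-n = parse only).
# Returns 2 when pfctl is not present on this host so the example still
# runs elsewhere.
pf_check_syntax() {
    command -v pfctl >/dev/null 2>&1 || return 2
    pfctl -nf "$1"
}

# Recommended reload: check first, then load with -f only. pfctl prepares the
# new ruleset and switches to it in one step, so a default-deny policy stays
# in force throughout; no -Fr is needed. Run as root against the real file.
reload_pf() {
    conf=${1:-/etc/pf.conf}
    pf_check_syntax "$conf" || return $?
    pfctl -f "$conf"
}

# Constructed default-deny ruleset for the syntax check below.
PF_RULES='set skip on lo0
block all
pass out quick keep state
pass in on egress proto tcp to (egress) port 22 keep state
'

# Demonstration: classify the two command lines from the thread, then
# syntax-check the constructed ruleset (no rules are loaded here).
for cmd in "/sbin/pfctl -Fr -f /etc/pf.conf" "pfctl -f /etc/pf.conf"; do
    if pf_reload_cmd_is_safe "$cmd"; then
        echo "ok:     $cmd"
    else
        echo "unsafe: $cmd (flushes rules before loading; not atomic)"
    fi
done

tmp=$(mktemp) && printf '%s' "$PF_RULES" >"$tmp"
pf_check_syntax "$tmp"
case $? in
    0) echo "ruleset parses cleanly" ;;
    2) echo "pfctl not available here; skipped syntax check" ;;
    *) echo "ruleset has syntax errors" ;;
esac
rm -f "$tmp"
```

In an automation script the guard is the useful part: a deploy step that assembles a reload command can refuse anything with a `-F` flag, leaving `reload_pf` as the only path that touches the live firewall. Flushing states (`-Fs`) is a separate decision from reloading rules and is likewise not needed for an atomic ruleset swap.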
