On Fri, Dec 06, 2002 at 04:10:54PM -0800, Stephen Gutknecht (OBSD-PF) wrote:
Are the default timeout values documented somewhere? If not, you post them.
The man pages for pf.conf show how to set them, but don't seem to indicate
the defaults.
pfctl -s timeouts
shows the ones you're
I'm going to revisit this topic... as a comment from eWeek's OpenHack 4
caught my attention. On the following page, in the left column...
http://www.eweek.com/image_popup/0,3662,s=25546iid=18512,00.asp
Regarding OpenBSD 3.2 PF:
*** We did notice a few problems where pf rules we wrote using
On Fri, Dec 06, 2002 at 12:37:32PM -0800, Stephen Gutknecht (OBSD-PF) wrote:
*** We did notice a few problems where pf rules we wrote using the
firewall's keep state option would incorrectly block packets returned as a
result of an incoming connection ***
That is a pretty good description
Correction to last post...
I wrote:
When we used keep state on our out rules, we would see port 80 packets
originating from our IIS server were sometimes showing in the log as
dropped.
I meant to say:
When we used keep state on our *in* rules (both interfaces of bridge) - we
would sometimes
?
Thanks.
Stephen
-Original Message-
From: Daniel Hartmeier [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 1:08 PM
Subject: Re: Public web server behind a PF bridge, crap clients
[snip]
In every case, either the state has
timed out already or the peer was re-using a port