I have been fighting with getting FTP to work through PF without success (yet).
As I have been perusing this mail list I see many having the same problem I am having,
the FTP server is a separate machine, behind the PF box and for reasons unknown to us
is running M$ ftp.
In digging around on the
On Tue, Jun 17, 2003 at 02:01:02PM -0500, Kevin wrote:
> Anyone have any ideas? dmesg and pf.conf are below.
Is there any difference if you use just 'keep state' instead of
synproxy? The synproxy states only differ during the handshake,
after that they are identical to ordinary (modulated) state
I am attempting to protect a web server from syn floods with synproxy.
The OpenBSD box has three NICs installed with fxp0 and fxp1 making up a
bridge and dc0 for SSH access. Hardware is P3 1Ghz with 1GB RAM.
The problem is once PF proxies 15,000 sessions almost all traffic
through the bridge d
How can i flush the counters?, obviously...without flush the rules.
THX
-H
Daniel Hartmeier wrote:
But reloading the ruleset will reset all per-rule counters as a side-
effect, while the existing state entries will continue to work (ongoing
connections are not affected), so that should be close enough.
Unfortunately, I think that if you do it that way, existing states wi
On Tue, Jun 17, 2003 at 02:46:49PM -0300, OTERO Hernan Gustavo EDS wrote:
> How can i flush the counters?, obviously...without flush the rules.
There's no mechanism to just flush the per-rule counters (you can flush
the global counters, those that pfctl -si prints, with -Fi, though).
But reloadi
On Mon, Jun 16, 2003 at 07:47:22PM -0400, L.Taylor Banks wrote:
> In lieu of updating to -current, would eliminating one of [altq / cbq]
> also solve the problem? I couldn't ascertain from the previous messages
> whether the use of both queuing methods was indeed the cause of the
> problem.
you
