Hello.
I noticed something strange with pf, 100% reproducible on OpenBSD 3.2 and
today's -current.
brutus is an OpenBSD-current NAT gateway.
synchron is a Linux workstation whoose gateway is brutus.
If I ssh from synchron to brutus and disable the firewall:
synchron> ssh brutus
On Thu, Nov 28, 2002 at 07:13:28PM +0100, Jedi/Sector One wrote:
> brutus> sudo pfctl -d
>
> synchron gets flooded by brutus, the 100Mb link gets immediately saturated
> and the only way to calm the storm is to change the IP address of synchron.
The ssh connection to synchron<->brutus isn't by
On Thu, Nov 28, 2002 at 07:47:37PM +0100, Daniel Hartmeier wrote:
> The ssh connection to synchron<->brutus isn't by any chance filtered
> statefully, using modulate state? :)
It is.
pass in quick on $INT proto { icmp, udp } all label internal-in
pass in quick on $INT proto tcp all modulate sta
On Thu, Nov 28, 2002 at 07:53:57PM +0059, Jedi/Sector One wrote:
> > The ssh connection to synchron<->brutus isn't by any chance filtered
> > statefully, using modulate state? :)
>
> It is.
Can you try to get a tcpdump -nvvvpSi $INT (-S shows absolute sequence
numbers), ideally a couple of pac
On Thu, Nov 28, 2002 at 08:03:41PM +0100, Daniel Hartmeier wrote:
> Can you try to get a tcpdump -nvvvpSi $INT (-S shows absolute sequence
> numbers)
[snip snip]
Stuff sent privately to Daniel.
--
__ /*- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> -*\ __
\ '/http://www
