PF Issue with BETA4
Thomas T. Veldhouse
veldy at veldy.net
Fri Sep 17 07:14:00 PDT 2004
Max Laier wrote:
>On Friday 17 September 2004 05:00, Thomas T. Veldhouse wrote:
>
>>It seems that, at least with the PF devices built into the kernel that
>>an issue arises during shutdown. As I was rebooting the server, I
>>noticed that the disks were syncing and yet there was a huge amount of
>>traffic on my router to the Internet. Upon inspection, packets were
>>still passing through the kernel and a large download was still going on
>>through a kernel that should have long ago quit passing traffic! In
>>other words, it appears that the NAT function of PF does not shut down as
>>it should while the OS is shutting down. Traffic ceases almost
>>immediately with IPFW and IPFILTER.
>
>Hmmm? So you are saying that staying up as long as possible is an error? I
>don't quite see the point in shutting down early. If you still want to, you
>can script it somewhere. "echo block all | pfctl -Fa -f-"
>
Well ... what is the state of the firewall at this time? Is it just
stateful connections that are open? IPFW and IPFILTER both close these
connections immediately. I am reasonably sure that this should probably
behave similarly to the other packet filters.
Tom Veldhouse