pf eates syn packet?
Max Laier
max at love2party.net
Thu Aug 2 15:14:25 UTC 2007
On Thursday 02 August 2007, Frank Behrens wrote:
> Frank Behrens <frank at pinky.sax.de> wrote on 2 Aug 2007 13:29:
> >....
> > Aug 2 13:17:26 <kern.crit> moon kernel: pf: state insert failed:
> > tree_ext_gwy lan: 84.182.237.27:50517 gwy: 84.182.237.27:50517 ext:
> > 193.99.144.85:80
>
> The new pf(4) from
> http://people.freebsd.org/~mlaier/PF41/
> on FreeBSD 6.2-STABLE-200708021147 i386 shows the same problem. :-(
>
> Is this a problem for pf(4) on FreeBSD or should the report be sent to
> OpenBSD?
Can you follow up with the complete pf.conf you are using? The "state
insert failed" error suggests a logic problem in your config (or a missed
PF_TAG_GENERATED somewhere). It seems that the same packet is run
through the firewall twice, generating state on the first run, but not
matching it on the second ... somehow strange.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070802/a862629b/attachment.pgp
More information about the freebsd-pf
mailing list