SSH Session disconnecting with pf
Torsten at CNC-LONDON
torsten at cnc-london.net
Mon Apr 7 23:36:02 UTC 2008
Hi All
Thank you very much for the comments.
This may explain some VPN issues I had in the past as well.
Regards
Torsten
-----Original Message-----
From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On Behalf Of Elliott Perrin
Sent: 08 April 2008 00:17
To: freebsd-pf at freebsd.org
Subject: Re: SSH Session disconnecting with pf
See Below
On Mon, 2008-04-07 at 16:07 -0700, Jeremy Chadwick wrote:
> On Mon, Apr 07, 2008 at 11:02:33PM +0100, Torsten @ CNC-LONDON wrote:
> > I'm running FreeBSD stable6.2 on all my servers and in the past one year I
> > noticed a random disconnection of persistent sessions to and from servers
> > which are running PF as the firewall
>
> The big problem with your rules looks to be how you're determining SYN,
> and how you're using keep state.
>
> Below are some comments.
>
> > SYN_ONLY="S/FSRA"
>
> This is very, very wrong, and probably the cause of your issues. This
> should be S/SA.
That is not very very wrong.
Any TCP session starting up should only have the SYN flag set out of SYN
FIN ACK RST. As a matter of fact this is in theory a more secure setting
than S/SA (SYN out of SYN ACK).
Cheers,
Elliott Perrin
elliott at c7.ca
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
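
The two `flags` values debated in this thread, as an added example that is not part of any post: a small Python model of pf's `flags a/b` test (of the flags listed in b, exactly those in a must be set), run over constructed flag combinations. The function names and the sample list are assumptions made for this illustration.

```python
# Added example: models pf's "flags <set>/<mask>" test on TCP header flags.
# Semantics (pf.conf(5)): only the flags named in <mask> are examined, and
# of those, exactly the flags named in <set> must be on.

TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def to_bits(letters):
    """Convert a pf flag string such as 'SA' to the TCP flag bitfield."""
    bits = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAGS[ch]
    return bits


def parse_spec(spec):
    """Parse 'S/SA' into (set_bits, mask_bits); this model requires a mask."""
    want, _, mask = spec.partition("/")
    if not mask:
        raise ValueError(f"flags spec needs a mask: {spec!r}")
    return to_bits(want), to_bits(mask)


def matches(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies 'flags <spec>'."""
    set_bits, mask_bits = parse_spec(spec)
    return to_bits(packet_flags) & mask_bits == set_bits


def compare(specs, samples):
    """Return {packet_flags: {spec: bool}} for every sample/spec pair."""
    return {pkt: {s: matches(s, pkt) for s in specs} for pkt in samples}


# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["S", "SA", "A", "SF", "SR", "SP", "FA", "R"]

if __name__ == "__main__":
    table = compare(["S/SA", "S/FSRA"], SAMPLES)
    print(f"{'flags':<6}{'S/SA':<8}{'S/FSRA':<8}")
    for pkt, row in table.items():
        print(f"{pkt:<6}{str(row['S/SA']):<8}{str(row['S/FSRA']):<8}")
```

In this model a plain SYN satisfies both specs, while SYN+FIN and SYN+RST satisfy `S/SA` but not `S/FSRA`, because the wider mask also inspects the FIN and RST bits.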