kern/127439: deadlock in pf
Christian Peron
csjp at freebsd.org
Wed Sep 17 16:50:08 UTC 2008
The following reply was made to PR kern/127439; it has been noted by GNATS.
From: Christian Peron <csjp at freebsd.org>
To: Geoffrey Mainland <mainland at apeiron.net>
Cc: Christian Peron <csjp at freebsd.org>, FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/127439: deadlock in pf
Date: Wed, 17 Sep 2008 11:47:13 -0500
On Wed, Sep 17, 2008 at 12:21:15PM -0400, Geoffrey Mainland wrote:
[..]
>
> # FTP
> pass in on $ext_if inet proto tcp from any to $ext_nat \
> user proxy flags S/SA modulate state
>
What happens if you get rid of the "user proxy" constraint? We have
had problems with these rules in the past. The truth is, they don't
really work correctly anyway. But it would be interesting to see if
removing the "user proxy" constraint and replacing it with a port or
range removes the dead lock.
More information about the freebsd-pf
mailing list