kern/127439: deadlock in pf
Christian Peron
csjp at freebsd.org
Wed Sep 17 17:30:04 UTC 2008
The following reply was made to PR kern/127439; it has been noted by GNATS.
From: Christian Peron <csjp at freebsd.org>
To: Christian Peron <csjp at freebsd.org>
Cc: Geoffrey Mainland <mainland at apeiron.net>, FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/127439: deadlock in pf
Date: Wed, 17 Sep 2008 12:27:43 -0500
Actually -- ignore this request. This is not the problem.
On Wed, Sep 17, 2008 at 11:47:13AM -0500, Christian Peron wrote:
> On Wed, Sep 17, 2008 at 12:21:15PM -0400, Geoffrey Mainland wrote:
> [..]
> >
> > # FTP
> > pass in on $ext_if inet proto tcp from any to $ext_nat \
> > user proxy flags S/SA modulate state
> >
>
> What happens if you get rid of the "user proxy" constraint? We have
> had problems with these rules in the past. The truth is, they don't
> really work correctly anyway. But it would be interesting to see if
> removing the "user proxy" constraint and replacing it with a port or
> range removes the dead lock.
>
More information about the freebsd-pf
mailing list