From owner-freebsd-pf@FreeBSD.ORG Fri Mar 14 09:30:04 2008
Message-ID: <32006.194.74.82.3.1205485356.squirrel@galain.elvandar.org>
In-Reply-To: <200803132330.m2DNU3iG042764@freefall.freebsd.org>
References: <200803132330.m2DNU3iG042764@freefall.freebsd.org>
Date: Fri, 14 Mar 2008 10:02:36 +0100 (CET)
From: "Remko Lodder"
To: "Laurent Frigault"
Cc: freebsd-pf@freebsd.org
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules
Reply-To: remko@elvandar.org
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

> It does not seem possible to set tcp.closed to 0 on a per rule basis :
> This is accepted :
> pass out quick on lo0 proto tcp from any to any port 9 flags S/SA keep
> state ( tcp.closing 30 , tcp.closed 0 )
>
> But pfctl -srules -vvv prints :
> @0 pass out quick on lo0 proto tcp from any to any port = discard flags
> S/SA keep state (tcp.closing 30)
>   [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ]
>   [ Inserted: uid 0 pid 51151 ]
>
> the tcp.closed seems to be ignored
>
> It works with tcp.closed set to 1
>

Why are you filtering on your local IP stack anyway? Filtering on lo0 is
not that common, or at least in my point of view not used often, and
presents problems all the way.

Just a random reply to something I feel -strange-.

Thanks,
remko

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News