From: Александр бызов
To: freebsd-pf@freebsd.org
Cc: bal@lenta.ru
Date: Sun, 03 Jun 2007 09:33:00 +0400
Subject: pfctl -k Not functioning!

Hello,

I run FreeBSD 6.2; FreeBSD 6.1 gives the same result. When I run pfctl -k target_ip I expect that every state with target_ip will be killed, but states are killed only if target_ip is the source. The source address is the one located on the left in the pfctl -ss output, rather than the one indicated by the arrow.

Example:

    FreeBSD-GW# pfctl -ss
    self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80 ESTABLISHED:ESTABLISHED
    self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
    self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
    FreeBSD-GW# pfctl -k 192.168.17.238
    killed 1 states from 1 sources and 0 destinations
    FreeBSD-GW# pfctl -ss
    self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
    self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
    FreeBSD-GW# pfctl -k 64.233.183.147
    killed 1 states from 1 sources and 0 destinations
    FreeBSD-GW# pfctl -ss
    self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
    FreeBSD-GW#

The task would be solved if we could kill all the states where the destination is target_ip. For example, in OpenBSD one runs the command:

    # pfctl -k 0.0.0.0/0 -k 192.168.2.238

but my computer responded:

    pfctl: getaddrinfo: hostname nor servname provided, or not known

I hope for your help in solving this problem.

--
Sorry for my English!
Sincerely, Byzov Alexander
mailto: sash-b@mail.ru
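
Added example (not part of the original message, and not pf's own code): a Python sketch that models the behaviour the poster reports, where `pfctl -k host` removes only states whose left-hand address in `pfctl -ss` is the host, and lists the states that still mention the host in another position. The function names and the IPv4-only parsing are assumptions; the sample lines are copied from the first listing in the message.

```python
import ipaddress
import re

# Sample input: the three state lines from the first `pfctl -ss` in the message.
SAMPLE = """\
self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80 ESTABLISHED:ESTABLISHED
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
"""

# Assumption: endpoints are printed as IPv4 "addr:port" tokens, as in the message.
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):\d+$")


def parse_hosts(line):
    """Return the endpoint addresses of one state line, left to right."""
    hosts = []
    for token in line.split()[2:]:  # skip interface and protocol
        match = ENDPOINT.match(token)
        if not match:
            continue  # arrows and the trailing state field
        try:
            hosts.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            return []  # malformed address: treat the line as unparseable
    return hosts


def audit(target, listing):
    """Split states mentioning target into (left-hand, elsewhere) lists.

    'left-hand' models what the poster saw `pfctl -k target` remove;
    'elsewhere' are the states that survive and still involve the host.
    """
    target = ipaddress.ip_address(target)
    left, elsewhere = [], []
    for line in listing.splitlines():
        hosts = parse_hosts(line)
        if len(hosts) < 2:
            continue  # not a state line
        if hosts[0] == target:
            left.append(line.strip())
        elif target in hosts:
            elsewhere.append(line.strip())
    return left, elsewhere


if __name__ == "__main__":
    killed, remaining = audit("192.168.17.238", SAMPLE)
    print(f"left-hand matches: {len(killed)}; still present: {len(remaining)}")
    for state in remaining:
        print("  " + state)
```

Feeding it a saved `pfctl -ss` listing after a kill shows whether any state for the host is still in the table.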