Date:      Sun, 1 Jul 2012 18:34:18 +0000 (UTC)
From:      Marcin Wisnicki <mwisnicki+freebsd@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Can't kill connections
Message-ID:  <jsq57a$9ep$1@dough.gmane.org>

I'm trying to kill all connections to/from a certain host after reloading the
ruleset, to force them to go through the new ruleset, but it does not seem to work.

My host is a simple gateway with $if_ext being natted to $if_int.

I put this rule as the first filter rule:

  block log quick on $if_ext label "block-ext"

Which should prevent any connection from reaching the internet.
State policy is set to if-bound.

Then I kill existing states (tcp and udp):

  pfctl -k $host && pfctl -k 0/0 -k $host
  pfctl -k $gateway && pfctl -k 0/0 -k $gateway

The states are killed and disappear from pftop but immediately new 
connections get through as if rule "block-ext" didn't exist.

These new states have high rule numbers that correspond to pass rules on 
$if_int.

How is this possible when "block-ext" should block everything?
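
A small diagnostic parser, added here and not part of the original post, that reads `pfctl -vss` output and reports which states for a host survived the `pfctl -k` calls above, together with the interface each state is bound to (`all` for floating states) and the rule number that created it, which is exactly what the poster is reading off pftop. The sample output is constructed to mirror pfctl's state layout (header line, indented detail lines), is not captured from the poster's gateway, and the parser assumes IPv4 `addr:port` endpoints only.

```python
import re

# Constructed sample of `pfctl -vss` output (not from the poster's gateway):
# an if-bound state on the internal interface em1, the matching NATed state
# on the external interface em0 (translated end shown in parentheses), and a
# floating state. Interface names, addresses and rule numbers are made up.
SAMPLE_PFCTL_VSS = """\
em1 tcp 192.168.1.10:50000 -> 198.51.100.5:80       ESTABLISHED:ESTABLISHED
   [2911291184 + 65535]  [1710287459 + 65535]
   age 00:00:05, expires in 23:59:55, 3:2 pkts, 200:100 bytes, rule 42
em0 tcp 203.0.113.1:61234 (192.168.1.10:50000) -> 198.51.100.5:80       ESTABLISHED:ESTABLISHED
   [2911291184 + 65535]  [1710287459 + 65535]
   age 00:00:05, expires in 23:59:55, 3:2 pkts, 200:100 bytes, rule 7
all udp 192.168.1.20:5353 -> 224.0.0.251:5353       NO_TRAFFIC:SINGLE
   age 00:01:00, expires in 00:00:10, 1:0 pkts, 80:0 bytes, rule 42
"""

# Unindented line: "<ifname> <proto> <endpoints>   <src-state>:<dst-state>"
HEADER = re.compile(r"^(?P<if>\S+) (?P<proto>\S+) (?P<ends>.+?)\s{2,}(?P<st>\S+)$")
RULE = re.compile(r"\brule (?P<rule>\d+)")
ADDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+")   # IPv4 addr:port only (assumption)

def parse_states(text):
    """Return one dict per state found in pfctl -vss output."""
    states = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:                                   # new state header
            s = m.groupdict()
            # every address on the line: real ends and the NATed end in parentheses
            s["addrs"] = ADDR.findall(m.group("ends"))
            s["rule"] = None
            states.append(s)
        elif states:                            # indented detail line of the last state
            r = RULE.search(line)
            if r:
                states[-1]["rule"] = int(r.group("rule"))
    return states

def states_for_host(text, host):
    """States that still reference `host` on either end, before or after NAT."""
    return [s for s in parse_states(text) if host in s["addrs"]]

def leftover_report(text, host):
    """(interface, proto, rule) per surviving state, so the pass rules and the
    interface binding that re-created them can be read off directly."""
    return [(s["if"], s["proto"], s["rule"]) for s in states_for_host(text, host)]
```

Feed it the live output with `leftover_report(subprocess.check_output(["pfctl", "-vss"], text=True), host)` right after the kill commands; a survivor on `$if_int` with a high rule number points at the pass rule on that interface rather than at `block-ext`.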
