From owner-freebsd-questions@FreeBSD.ORG Sat Oct 17 12:04:03 2009
Date: Sat, 17 Oct 2009 13:04:01 +0100
From: krad
To: Dánielisz László, freebsd-questions@freebsd.org
Subject: Re: pf, ssh related question
In-Reply-To: <880435.50203.qm@web30808.mail.mud.yahoo.com>
Theoretically if you sent a syn packet from the same source port at the same time as you reloaded the rules you could get around it. However the practicalities of this make it not worth the hassle, especially if you don't control the firewall you're traversing through the client end. Best to live with it.

On 10/17/09, Dánielisz László wrote:
> Hello,
>
> I have the following annoying thing: all the time I run pfctl -F all -f
> /etc/pf.conf I get disconnected from my remote machine.
> Do you have any idea how I can avoid this?
>
> Here is my pf.conf
>
>
> #MACROS
> ext_if="rl0"
> int_if="rl1"
> good_ip="{192.168.1.0/24}"
> icmp_types="echoreq"
>
> set skip on lo
>
> scrub in
>
> block in
> pass out keep state
>
> antispoof quick for { lo $int_if }
>
> #incoming ssh
> pass in log quick on $int_if inet proto tcp from $good_ip to ($int_if) port
> 22 flags S/SA keep state
>
> #incoming http
> pass in log quick on $int_if inet proto tcp from $good_ip to ($int_if) port
> 80 flags S/SA keep state
>
> pass in inet proto icmp all icmp-type $icmp_types keep state
>

-- 
Sent from my mobile device
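The reload in the quoted question, as an added example that is not from either poster: the disconnect happens because `pfctl -F all` flushes the state table that the `keep state` rules populated, while `pfctl -f` alone replaces the rules and keeps the states. The PFCTL variable and the file paths in the usage comment are assumptions for illustration.

```sh
#!/bin/sh
# Reload pf rules from a remote SSH session without dropping that session.
# Added example, not from either poster. PFCTL is an assumed override so
# the functions can be exercised with a stub where no pf kernel exists.
PFCTL="${PFCTL:-pfctl}"

# pf_reload_safe CONF
# The quoted question runs `pfctl -F all -f CONF`. `-F all` flushes the
# state table along with the rules, so the established SSH connection
# (created by a `keep state` rule) is forgotten and the reload disconnects
# the operator. `pfctl -f CONF` alone replaces the ruleset while keeping
# existing states, so the session survives.
# Returns non-zero and loads nothing if CONF is unreadable or fails to parse.
pf_reload_safe() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "pf_reload_safe: cannot read $conf" >&2
        return 2
    fi
    # -n parses only; nothing is loaded if the syntax check fails.
    if ! "$PFCTL" -nf "$conf"; then
        echo "pf_reload_safe: $conf did not parse, ruleset left unchanged" >&2
        return 1
    fi
    "$PFCTL" -f "$conf"
}

# pf_arm_rollback KNOWN_GOOD SECONDS
# Safety net for a remote reload: a background job loads the known-good
# ruleset after SECONDS unless cancelled. Once the new rules are confirmed
# to still admit the SSH session, cancel it with `kill "$PF_ROLLBACK_PID"`.
pf_arm_rollback() {
    ( sleep "$2" && "$PFCTL" -f "$1" ) &
    PF_ROLLBACK_PID=$!
}

# Typical use (commented out so the file can be sourced; paths assumed):
#   cp /etc/pf.conf /etc/pf.conf.last_good   # save the ruleset loaded now
#   pf_arm_rollback /etc/pf.conf.last_good 120
#   pf_reload_safe /etc/pf.conf && kill "$PF_ROLLBACK_PID"
```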