Date: Mon, 02 Jul 2018 18:56:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets
Message-ID: <bug-229477-227-Deejhy9o8f@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-229477-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-229477-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229477

--- Comment #3 from Andre Albsmeier <mail@fbsd.e4m.org> ---
That's easy (this is just a cut-down excerpt of my real rules I used on a test
machine to address this bug):

set ruleset-optimization none
set block-policy return
set skip on lo0
set debug misc
set timeout tcp.established 432000
set limit { states 2000, src-nodes 1000, frags 2000, table-entries 30000 }

scrub in  on e0 all fragment reassemble
scrub out on e0 all random-id set-tos 0xB8
scrub     on e0 all reassemble tcp

pass out quick on e0 all no state allow-opts
pass in  quick on e0 proto tcp from any to any port 1234 synproxy state
pass in  quick on e0 all no state

Now run some "nc -l DEST 1234" on host DEST and connect to 1234 with and
without the synproxy rule...

-- 
You are receiving this mail because:
You are the assignee for the bug.
