Date: Tue, 20 Jun 2006 11:00:41 GMT From: Maciej Wierzbicki <voovoos@kis.p.lodz.pl> To: freebsd-pf@FreeBSD.org Subject: Re: bin/96150: pfctl(8) -k non-functional Message-ID: <200606201100.k5KB0fJR058602@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/96150; it has been noted by GNATS.
From: Maciej Wierzbicki <voovoos@kis.p.lodz.pl>
To: bug-followup@FreeBSD.org, james@jlauser.net
Cc:
Subject: Re: bin/96150: pfctl(8) -k non-functional
Date: Tue, 20 Jun 2006 13:00:19 +0200
pfctl -k works without any problem on either 6.1-RELEASE-p1 or several
5.4/5.5 machines.
Most probably the originator tried to use -k with "external" hosts, not
local ones. In that case he should use pfctl -k host -k host as
described in manpage:
/*
To kill all of the state entries from host1 to host2:
# pfctl -k host1 -k host2
*/
So, in case there are two states:
self tcp A.B.C.D:22 <- A1.B1.C.D:60361 ESTABLISHED:ESTABLISHED
self tcp A.B.C.D:22 <- A2.B2.C.D:50120 ESTABLISHED:ESTABLISHED
pfctl -k A.B.C.D will kill both, while
pfctl -k A.B.C.D -k A1.B1.C.D will kill first one only.
--
* Maciej Wierzbicki * At paranoia's poison door *
* VOO1-RIPE *
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606201100.k5KB0fJR058602>