Date: Tue, 29 Jul 2008 04:33:28 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Peter Wullinger <peter.wullinger@googlemail.com> Cc: freebsd-pf@freebsd.org Subject: Re: pf randomly blocks specific packets? Message-ID: <20080729113328.GA67866@eos.sc1.parodius.com> In-Reply-To: <488EE858.9010708@googlemail.com> References: <488EE046.4010602@skoberne.net> <488EE858.9010708@googlemail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 29, 2008 at 11:52:24AM +0200, Peter Wullinger wrote: > Nejc ?koberne wrote: >> pass in quick on $int_Trust from $addr_sysSvarun to any keep state > Note: You can remove "keep state". This is implicit for newer version of pf. >> pass quick on $int_Loop all >> pass quick on $int_Jails all > Note: These keep state, see above. You might want to add "no state" here, > to decrease state table usage. Or better use, use "set skip on $int_Loop $int_Jails", and avoid having pf process any of them. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080729113328.GA67866>