Date: Thu, 10 Jul 2008 01:45:26 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.
Message-ID: <200807100145.26576.max@love2party.net>
In-Reply-To: <48750381.1030004@eskk.nu>
References: <48750381.1030004@eskk.nu>

On Wednesday 09 July 2008 20:29:21 Leslie Jensen wrote:
> Anyway I have one PC on the inside and it takes some time before it's
> able to reach the outside world.

What David said.

> Another thing I see is that for example I add log (all) to one of my
> filters and do pfctl -f /etc/pf.conf, then later I remove it again and
> do pfctl -f /etc/pf.conf. The output from tcpdump -n -e -ttt -i pflog0
> still shows packages as if it had not refreshed and still have the "log
> (all)" active.

That's expected. The rule will create a state with the "log (all)" flag
set. When you reload the ruleset, no more new states will be created with
that flag, but the existing states stick around and keep logging all
packets. You can either "pfctl -Fstates" or simply wait until they die
off on their own.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News