From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Thu, 10 Jul 2008 01:45:26 +0200
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

On Wednesday 09 July 2008 20:29:21 Leslie Jensen wrote:
> Anyway I have one PC on the inside and it takes some time before it's
> able to reach the outside world.

What David said.

> Another thing I see is that for example I add log (all) to one of my
> filters and do pfctl -f /etc/pf.conf, then later I remove it again and
> do pfctl -f /etc/pf.conf. The output from tcpdump -n -e -ttt -i pflog0
> still shows packages as if it had not refreshed and still have the "log
> (all)" active.

That's expected. The rule will create a state with the "log (all)" flag
set. When you reload the ruleset no more new states will be created with
that flag, but the existing states stick around and keep logging all
packets. You can either "pfctl -Fstates" or simply wait until they die off
on their own.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News