From: shoks
To: freebsd-pf@freebsd.org
Date: Thu, 24 Sep 2009 17:14:07 +0800
Subject: removing states within an anchor
Message-ID: <725c97180909240214j7501a680jd43950e4fc1ddb41@mail.gmail.com>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hi All,

I'm not sure if this is a bug or a limitation. Is it possible to remove the states created inside an anchor? Or show all the states created by rules inside an anchor?

I have an anchor "ssh_a" which has created two states:

# pfctl -a ssh_a -sr -v
pass in log quick on vr0 inet proto tcp from any to 10.10.0.161 port = ssh flags S/SA keep state
  [ Evaluations: 4681 Packets: 6956 Bytes: 983364 States: 2 ]
  [ Inserted: uid 0 pid 2045 ]
#

I wanted to display the states created by rules within "ssh_a", but the command below shows all the states.

# pfctl -a ssh_a -ss -v
all tcp 10.10.0.161:22 <- 10.3.1.42:58120 ESTABLISHED:ESTABLISHED
   [4069877326 + 66560] wscale 3 [1308386281 + 66608] wscale 3
   age 00:22:10, expires in 24:00:00, 1148:842 pkts, 91792:138616 bytes, anchor 5, rule 0
all tcp 10.10.0.161:22 <- 10.3.1.42:62296 ESTABLISHED:ESTABLISHED
   [555879689 + 66560] wscale 3 [1395082873 + 66608] wscale 3
   age 00:05:05, expires in 23:59:11, 20:19 pkts, 3376:4620 bytes, anchor 5, rule 0
all tcp 10.10.0.161:80 <- 10.3.1.42:62952 FIN_WAIT_2:FIN_WAIT_2
   [3637383497 + 66608] wscale 3 [3544701268 + 66607] wscale 3
   age 00:00:17, expires in 00:01:23, 6:4 pkts, 802:440 bytes, anchor 4, rule 0
all ipv6-icmp ff02::1[16584] <- fe80::21b:21ff:fe1d:35bc NO_TRAFFIC:NO_TRAFFIC
   age 00:00:08, expires in 00:00:12, 1:0 pkts, 96:0 bytes, anchor 3, rule 14
all icmp 10.10.0.161:21514 <- 10.3.1.42 0:0
   age 00:00:02, expires in 00:00:08, 1:1 pkts, 84:84 bytes, anchor 3, rule 2
#

Removing the states within "ssh_a" with the command "pfctl -a ssh_a -Fs" would remove all the states.

Thanks,
sho
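
Added example, not part of the original message: since "pfctl -a ssh_a -ss -v" lists every state, one way to narrow the listing is to filter on the "anchor N" field that the verbose output already prints for each state. The helper names are hypothetical, the sample input is the listing quoted in the message, and reading anchor 5 as the states of "ssh_a" is an assumption based on its two port-22 states matching "States: 2".

```shell
#!/bin/sh
# Constructed sample: the state listing quoted in the message, laid out as
# pfctl prints it (unindented header line, indented detail lines).
sample_states() {
cat <<'EOF'
all tcp 10.10.0.161:22 <- 10.3.1.42:58120 ESTABLISHED:ESTABLISHED
   [4069877326 + 66560] wscale 3 [1308386281 + 66608] wscale 3
   age 00:22:10, expires in 24:00:00, 1148:842 pkts, 91792:138616 bytes, anchor 5, rule 0
all tcp 10.10.0.161:22 <- 10.3.1.42:62296 ESTABLISHED:ESTABLISHED
   [555879689 + 66560] wscale 3 [1395082873 + 66608] wscale 3
   age 00:05:05, expires in 23:59:11, 20:19 pkts, 3376:4620 bytes, anchor 5, rule 0
all tcp 10.10.0.161:80 <- 10.3.1.42:62952 FIN_WAIT_2:FIN_WAIT_2
   [3637383497 + 66608] wscale 3 [3544701268 + 66607] wscale 3
   age 00:00:17, expires in 00:01:23, 6:4 pkts, 802:440 bytes, anchor 4, rule 0
all ipv6-icmp ff02::1[16584] <- fe80::21b:21ff:fe1d:35bc NO_TRAFFIC:NO_TRAFFIC
   age 00:00:08, expires in 00:00:12, 1:0 pkts, 96:0 bytes, anchor 3, rule 14
all icmp 10.10.0.161:21514 <- 10.3.1.42 0:0
   age 00:00:02, expires in 00:00:08, 1:1 pkts, 84:84 bytes, anchor 3, rule 2
EOF
}

# states_in_anchor N (hypothetical helper): read verbose state output on
# stdin and print only the records whose detail line says "anchor N".
states_in_anchor() {
    case "$1" in ''|*[!0-9]*) echo "usage: states_in_anchor NUMBER" >&2; return 2 ;; esac
    awk -v want="$1" '
        function emit() { if (keep) printf "%s", rec; rec = ""; keep = 0 }
        /^[^ \t]/ { emit() }                  # unindented line: new state record
        { rec = rec $0 "\n" }
        $0 ~ ("anchor " want "(,|$)") { keep = 1 }   # "(,|$)" keeps 5 from matching 50
        END { emit() }
    '
}

# count_states_in_anchor N: number of state records kept by the filter.
count_states_in_anchor() {
    states_in_anchor "$1" | awk '/^[^ \t]/ { n++ } END { print n + 0 }'
}

# Stand-alone run on the sample; on a live firewall the input would be
# the output of: pfctl -ss -v
sample_states | states_in_anchor 5
```
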