Date: Sun, 03 Jul 2011 11:10:38 -0700 From: Matt <sendtomatt@gmail.com> To: eculp <eculp@encontacto.net> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: seeing pf: state key linking mismatch! with pf on up to date current but not on FreeBSD 7.4-STABLE Message-ID: <4E10B09E.40309@gmail.com> In-Reply-To: <20110703082740.65947mb8mt1g1dg0@econet.encontacto.net> References: <20110703082740.65947mb8mt1g1dg0@econet.encontacto.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/03/11 06:27, eculp wrote: > Something is strange with PF. I get the above error using pf on > current but not on FreeBSD stable. The pf configuration hasn't > changed for a couple of years on either and they are the same except > for hardware names. > > The two machines are: > 9.0-CURRENT FreeBSD 9.0-CURRENT #247: Wed Jun 29 04:49:16 CDT 2011 > 7.4-STABLE FreeBSD 7.4-STABLE #1228: Sat Jun 25 04:42:55 CDT 2011 > > Anyone else seeing this? > > Thanks, > > ed > _______________________________________________ > I am also seeing this, especially when a website/browser/tab is closed but the remote site is still sending data I think. I am using the same basic pf.conf I have used for client machines for a while, but there is not much other than pf options and allowing traffic out (modulate state for tcp, keep state for everything else). I do have scrub, and antispoof rules for the interfaces, as well as a block log all at the top. For now, like i said, I've only seen the state key mismatches with web traffic. Also, synproxy state seems to hang all traffic. Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E10B09E.40309>