Date: Fri, 29 Sep 2006 08:31:57 +0100
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
Cc: <freebsd-pf@freebsd.org>
Subject: RE: BAD state/State failure with large number of requests
Message-ID: <000c01c6e399$58043510$0a00a8c0@thebeast>
In-Reply-To: <fee88ee40609281617x79d956d0vce726c6f4b45e087@mail.gmail.com>

> The part that confused me was that the connections failed
> immediately -- it turns out that PF sends a RST upon state
> mismatch during the initial handshake, as opposed to dropping
> the packets and letting the connection time out.

As a matter of policy, I would never black hole internally sourced traffic
traversing packet filtering infrastructure under my control.

There are few things worse from a management/debugging perspective than to
have packets disappear into the wild blue yonder with no indication of why.

Greg