Date:      Thu, 23 Mar 2017 14:29:35 -0400
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   Restarting PF and its effects on jails and vms
Message-ID:  <d8c45fd2a689b07df63082aa04e036e7.squirrel@webmail.harte-lyne.ca>

I am revising the pf configuration for the FreeBSD-10.3 host of a
number of FreeBSD-11.0 BHyve instances. When I restart PF on the host
then traffic to a number of guests gets blocked even though the
ruleset says it should not be.

Since the incoming ports for the blocked traffic appear to be from the
upper dynamic range I infer that this traffic is related to
connections established before PF was restarted and that these are now
'orphaned' in consequence.  In other words, had the initial connection
between client and service been made while PF was already running, the
traffic being blocked following a restart would have been let through
as being part of an established connection.

What is the recommended way of dealing with this issue when restarting
PF, if there is one?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
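The symptom described above is what a flushed state table looks like: once the states are gone, mid-stream packets of an existing TCP session no longer match any state and fall through to the block rule. Whether a particular rc restart flushes states depends on what /etc/rc.d/pf does on that release, so the safer habit is to reload the ruleset directly. The following shell script is an added example and is not part of the list post; it assumes FreeBSD's pfctl is on the host, the rules path /etc/pf.conf, and a constructed sample of `pfctl -s state` output that follows the format that command prints.

```sh
#!/bin/sh
# Added example (not from the list post): reload a pf ruleset without dropping
# the state table, and count the states that exist for a given guest address.
# PF_RULES and SAMPLE_STATES below are assumptions for a standalone run.

PF_RULES=${PF_RULES:-/etc/pf.conf}

# Parse-only check of the ruleset ('-n' loads nothing); fails on syntax errors.
pf_check() {
    pfctl -n -f "${1:-$PF_RULES}"
}

# Replace the ruleset in place. 'pfctl -f' installs the new rules but does
# not touch the state table, so connections set up before the reload keep
# matching as established traffic. By contrast 'pfctl -F state' (or '-F all')
# flushes every state, which is what leaves in-flight flows looking orphaned.
pf_reload() {
    pf_check "$1" && pfctl -f "${1:-$PF_RULES}"
}

# Count state entries that involve ADDR, reading 'pfctl -s state' output from
# stdin. One line per state:
#   <if> <proto> <addr:port> <dir> <addr:port> [<dir> <addr:port>] <state>
# Usage: pfctl -s state | count_states_for 10.0.0.5
count_states_for() {
    awk -v a="$1" '
        # an address field starts with ADDR followed by ":" and a port
        { for (i = 3; i <= NF; i++) if (index($i, a ":") == 1) { n++; break } }
        END { print n + 0 }'
}

# Same dump, but only fully established TCP states for ADDR. Running this
# before and after a reload shows whether the guest kept its sessions.
count_established_for() {
    awk -v a="$1" '
        $2 == "tcp" && $NF == "ESTABLISHED:ESTABLISHED" {
            for (i = 3; i <= NF; i++) if (index($i, a ":") == 1) { n++; break }
        }
        END { print n + 0 }'
}

# Constructed sample of 'pfctl -s state' output (not captured from a real host).
SAMPLE_STATES='all tcp 10.0.0.5:22 <- 192.168.1.10:54321       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:443 <- 192.168.1.11:49200       ESTABLISHED:ESTABLISHED
all udp 10.0.0.9:53 <- 192.168.1.10:50123       MULTIPLE:SINGLE
all tcp 10.0.0.5:80 <- 192.168.1.12:33001       FIN_WAIT_2:FIN_WAIT_2'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_STATES" | count_states_for 10.0.0.5        # 3
    printf '%s\n' "$SAMPLE_STATES" | count_established_for 10.0.0.5   # 2
fi
```

On a live host, `pfctl -s state | count_established_for <guest-ip>` taken before and after `pf_reload` should return the same number; if it drops to zero, something in the restart path flushed the table. Packets that hit the block rule after a flush can be watched with `tcpdump -n -e -ttt -i pflog0` when the block rules carry the `log` keyword.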



