Date: Sun, 10 Jul 2005 18:51:22 +0200
From: Michael Weiser <michael@weiser.dinsnail.net>
To: freebsd-pf@freebsd.org
Subject: how to turn off pfsync globally
Message-ID: <20050710165122.GA70950@weiser.dinsnail.net>
Hello,

I'm having trouble silencing pfsync. It insists on broadcasting packets
like this

    rule 38/0(match): block out on xl1: 10.10.1.2 > 0.0.0.0: pfsync 228

to the external network interface for every state change. Up until now I
circumvented that by adding the no-sync option to every rule. But since
I installed pftpx I get those broadcasts again, seemingly because
pftpx's dynamic rules don't have the no-sync option.

Now I did another hack and just said

    ifconfig pfsync0 syncdev lo0

But this certainly isn't the right way to do it[tm].

Confusingly the pf documentation on www.openbsd.org says:

> By default, pfsync(4) does not send or receive state table updates on
> the network; however, updates can still be monitored using tcpdump(8) or
> other such tools on the local machine.

Why am I getting them on my external interface then? How do I globally
switch off pfsync if I don't need it?

Thanks in advance.
--
bye, Micha