Date:      Thu, 8 Jun 2006 09:34:16 -0400
From:      "Chris Buechler" <cbuechler@gmail.com>
To:        "Dominic Marks" <dom@helenmarks.co.uk>
Cc:        freebsd-stable@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: pf buggy on 6.1-STABLE?
Message-ID:  <d64aa1760606080634q2136fd4eqc6aa790fd3cad33c@mail.gmail.com>
In-Reply-To: <4459.195.12.22.194.1149757864.squirrel@mail.helenmarks.co.uk>
References:  <44876071-491e@helpdesk.islandnet.com> <4459.195.12.22.194.1149757864.squirrel@mail.helenmarks.co.uk>

On 6/8/06, Dominic Marks <dom@helenmarks.co.uk> wrote:
>
> I've experienced the same. If you have a lot of concurrent connections
> going on it seems that every so often a connection will be blocked,
> even if it doesn't match any rule. In my case I experienced this with
> apache22 acting as a reverse proxy/virtual host.
>

This sounds a lot like the port randomization problems discussed by
Michael Silbersack in his BSDCan presentation, specifically pages
12-14.  http://www.silby.com/bsdcan06/silbersack_bsdcan06.pdf

That shouldn't be an issue anymore, but I don't know when that was resolved.

cheers,
-Chris


