From owner-freebsd-security@FreeBSD.ORG Fri Apr 29 22:26:40 2005
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70F3C16A4CE; Fri, 29 Apr 2005 22:26:40 +0000 (GMT)
Received: from redqueen.evilcoder-services.org (redqueen.evilcoder-services.org [217.148.169.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24EBB43D2D; Fri, 29 Apr 2005 22:26:40 +0000 (GMT) (envelope-from remko@freebsd.org)
Received: from localhost (localhost [127.0.0.1]) id 47BDD2954DB; Sat, 30 Apr 2005 00:26:39 +0200 (CEST)
Received: from redqueen.evilcoder-services.org ([127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03039-08; Sat, 30 Apr 2005 00:26:38 +0200 (CEST)
Message-ID: <4272B49D.6050805@FreeBSD.org>
Date: Sat, 30 Apr 2005 00:26:37 +0200
From: Remko Lodder
User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Neo-Vortex
References: <4272011F.9040707@netmagicsolutions.com> <20050429194242.I78552@Neo-Vortex.net> <20050429203417.P85987@Neo-Vortex.net> <20050430001910.C3271@a2.scoop.co.nz> <20050429225510.P6468@Neo-Vortex.net>
In-Reply-To: <20050429225510.P6468@Neo-Vortex.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by the evilcoder-services.org maildomain
X-Mailman-Approved-At: Sat, 30 Apr 2005 13:32:45 +0000
cc: freebsd-security@freebsd.org
cc: Siddhartha Jain
Subject: Re: IPFW disconnections and resets
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Fri, 29 Apr 2005 22:26:40 -0000

Neo-Vortex wrote:
>
> On Sat, 30 Apr 2005, Andrew McNaughton wrote:
>
>> 1% is way too much. use nohup.
>> eg:
>
> SSH dies, as in I get "Connection reset by peer" and my ssh session closes,
> I can restart it fine though and the rest of the rules are parsed fine,
> also, I don't get that on the window that I'm loading the firewall rulesets,
> only on my other session which has irssi running which sends a packet once
> every second to update the time... the box never needs to be physically
> touched :)
>
> ~Neo-Vortex

The best reply so far (imho) was to use screen. When I reload my ruleset I do that with:

pfctl -Fa -f /etc/pf.conf.new && sleep 180 && pfctl -Fa -f /etc/pf.conf

where the new file is my test setup and the other file is the current working one. When I reload them with screen I am sure that the commands read correctly and even when I get kicked out the screen application still carries the commands given. In the worst case I can access the machine again after three minutes, which isn't that bad ;-)

Just my 0.02E(urocents)

--
Kind regards,

Remko Lodder ** remko@elvandar.org
Reporter DSINET ** remko@DSINet.org
Founder Tienervaders ** remko@tienervaders.org
FreeBSD Documentation Project ** remko@FreeBSD.org
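As an added example (not Remko's or the list's code): a small POSIX sh wrapper around the pfctl sequence above that loads the candidate ruleset and reverts to the known-good one unless the admin confirms from a fresh session within a timeout, so a ruleset that works is not undone after 180 seconds. The file paths, the confirmation-file mechanism and the PFCTL override are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are assumptions; override via env.
NEW_RULES=${NEW_RULES:-/etc/pf.conf.new}      # candidate ruleset under test
GOOD_RULES=${GOOD_RULES:-/etc/pf.conf}        # last known-good ruleset
CONFIRM_FILE=${CONFIRM_FILE:-/var/run/pf-reload.ok}
TIMEOUT=${TIMEOUT:-180}                       # seconds before automatic rollback
PFCTL=${PFCTL:-pfctl}                         # overridable so the logic can be dry-run

# Flush all rules and load the given file; returns pfctl's exit status.
load_rules() {
    "$PFCTL" -Fa -f "$1"
}

# Poll once a second for the confirmation file, up to TIMEOUT seconds.
# Returns 0 if the admin created it (and removes it), 1 on timeout.
wait_for_confirm() {
    i=0
    while [ "$i" -lt "$TIMEOUT" ]; do
        if [ -e "$CONFIRM_FILE" ]; then
            rm -f "$CONFIRM_FILE"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Syntax-check and load the candidate rules, then keep them only if confirmed.
# Prints "kept" (exit 0) or "reverted" (exit 3); exit 1 if the load itself fails.
safe_reload() {
    rm -f "$CONFIRM_FILE"                     # discard a stale confirmation
    "$PFCTL" -nf "$NEW_RULES" || return 1     # parse only; a typo never reaches pf
    load_rules "$NEW_RULES" || return 1
    if wait_for_confirm; then
        echo kept
        return 0
    fi
    load_rules "$GOOD_RULES"
    echo reverted
    return 3
}

# Run detached so an SSH reset caused by the new rules cannot kill the rollback:
#   nohup sh pf-safe-reload.sh run >/var/log/pf-reload.log 2>&1 &
# then confirm from a new session with:  touch /var/run/pf-reload.ok
case "$1" in run) safe_reload ;; esac
```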