Date:      Sun, 18 May 2008 12:33:51 +0200
From:      Johan Ström <johan@stromnet.se>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        Alex Trull <alex@trull.org>, freebsd-pf@freebsd.org, freebsd-stable <freebsd-stable@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: connect(): Operation not permitted
Message-ID:  <B44C565F-65A5-498A-9B79-3FFE15E33A7A@stromnet.se>
In-Reply-To: <482FD877.6050707@infracaninophile.co.uk>
References:  <678A03F5-5E8A-4CF6-90DF-AA9A4F30FBE1@stromnet.se>	<1211037564.6326.27.camel@porksoda> <679DB462-75D6-45CC-949C-1BE8E12C22CD@stromnet.se> <482FD877.6050707@infracaninophile.co.uk>

On May 18, 2008, at 9:19 AM, Matthew Seaman wrote:

> Johan Ström wrote:
>
>> drop all traffic)? A check with pfctl -vsr reveals that the actual
>> rule inserted is "pass on lo0 inet from 123.123.123.123 to
>> 123.123.123.123 flags S/SA keep state". Where did that "keep state"
>> come from?
>
> 'flags S/SA keep state' is the default now for tcp filter rules --
> that was new in 7.0 reflecting the upstream changes made between the 4.0
> and 4.1 releases of OpenBSD.  If you want a stateless rule, append 'no state'.
>
> http://www.openbsd.org/faq/pf/filter.html#state

Thanks! I was actually looking around in the pf.conf manpage but
failed to find it yesterday, but looking closer today I now saw it.
Applied the no state (and quick) to the rule, and now no state is
created.
And the problem I had in the first place seems to have been resolved
too now, even though it didn't look like a state problem.. (started to
deny new connections much earlier than the states were full, although
maybe I wasn't looking for updates fast enough or something).

Anyways, thanks to all helping me out, and of course thanks to
everybody involved in FreeBSD/pf and all for great products! Cannot be
said enough times ;)


