Date: Fri, 17 Sep 2004 09:13:47 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: Max Laier <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: PF Issue with BETA4 Message-ID: <414AF11B.1070806@veldy.net> In-Reply-To: <200409171114.05717.max@love2party.net> References: <414A533A.8000009@veldy.net> <200409171114.05717.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9A3ED5F9800366EBFFCC74BD Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Max Laier wrote: >On Friday 17 September 2004 05:00, Thomas T. Veldhouse wrote: > > >>It seems that, at least with the PF devices built into the kernel that >>an issue arises during shutdown. As I was rebooting the server, I >>noticed that the disks were syncing and yet there was a huge amount of >>traffic on my router to the Internet. Upon inspection, packets were >>still passing through the kernel and a large download was still going on >>through a kernel that should have long ago quite passing traffic! In >>other words, it appears that the NAT function of PF does not shutdown as >>it should while the the OS is shutting down. Traffic ceases almost >>immediately with IPFW and IPFILTER. >> >> > >Hmmm? So you are saying that staying up as long as possible is an error? I >don't quite see the point in shutting down early. If you still want to, you >can script it somewhere. "echo block all | pfctl -Fa -f-" > > > Well ... what is the state of the firewall at this time? Is it just stateful connections that are open? IPFW and IPFILTER both close these connections immediately. I am reasonably sure that this should probably behave similar to the other packet filters. Tom Veldhouse --------------enig9A3ED5F9800366EBFFCC74BD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBSvEeARgTFXYf0wARAvIzAKCFQppX2xKaI7V48z/n1uEkc0qdhgCfWpD6 cbHnILHr5QVwCogVsEVslWE= =AU5j -----END PGP SIGNATURE----- --------------enig9A3ED5F9800366EBFFCC74BD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?414AF11B.1070806>