Date: Thu, 9 Jun 2005 13:48:14 -0700
From: Matt Rechkemmer <tiberius@trancell.org>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: freebsd-questions@freebsd.org
Subject: Re: pf block question
Message-ID: <20050609204814.GA11510@sdf.lonestar.org>
In-Reply-To: <20050609105116.GA87877@orion.daedalusnetworks.priv>
References: <20050607064323.GA29038@sdf.lonestar.org> <20050607105030.GA44218@orion.daedalusnetworks.priv> <20050609101805.GA11341@sdf.lonestar.org> <20050609105116.GA87877@orion.daedalusnetworks.priv>

On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
>
> If you add "quick" to the `block from <badhosts>' rule, packets from
> these hosts will immediately be dropped -- which is what you probably
> want to do, if I have understood what you wrote so far.
>
> - Giorgos

OK, I've added quick to the rule (surprised I forgot it there). Here's
the new rule: block drop quick on fxp0 from <badhosts> to any. Now, when
I send ICMP packets to that host (for testing), I *still* get them back
but with an extreme amount of loss. If I comment the rule, the loss
disappears. I'm at a loss as to why the traffic still isn't dropped.

-- 
Matt Rechkemmer
tiberius@trancell.org
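
Added example (not part of the original message, and not pf's own code): a small Python model of how pf walks a ruleset, showing why "quick" matters for the `block from <badhosts>' rule quoted above. The table contents, the trailing "pass" rule and the test addresses are constructed assumptions, since the message does not show the rest of the ruleset; interfaces and state tracking are not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str          # "pass" or "block"
    src: str             # "any" or the name of a table, e.g. "badhosts"
    quick: bool = False  # True if the rule carries the "quick" keyword


def evaluate(rules, tables, src_ip):
    """Return (action, index of the deciding rule) for a packet from src_ip.

    pf evaluates rules top to bottom and the LAST matching rule decides,
    unless a matching rule is marked quick, which ends evaluation there.
    """
    addr = ipaddress.ip_address(src_ip)
    verdict = ("pass", None)  # implicit default when no rule matches
    for index, rule in enumerate(rules):
        if rule.src != "any":
            networks = (ipaddress.ip_network(n) for n in tables[rule.src])
            if not any(addr in net for net in networks):
                continue  # source is not in the table: rule does not match
        verdict = (rule.action, index)
        if rule.quick:
            break  # quick: stop here, later rules are never consulted
    return verdict


# Constructed sample data (documentation address ranges).
TABLES = {"badhosts": ["192.0.2.0/24"]}

# block from <badhosts> ; pass all   -> the later pass rule wins
WITHOUT_QUICK = [Rule("block", "badhosts"), Rule("pass", "any")]

# block quick from <badhosts> ; pass all -> the block is final
WITH_QUICK = [Rule("block", "badhosts", quick=True), Rule("pass", "any")]

if __name__ == "__main__":
    for name, ruleset in (("without quick", WITHOUT_QUICK),
                          ("with quick", WITH_QUICK)):
        for ip in ("192.0.2.7", "198.51.100.9"):
            print(name, ip, evaluate(ruleset, TABLES, ip))
```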