Hi all,

pfctl -k kills only a state. It doesn't kill the connection.
So yesterday I tested tcpkill from dsniff on my test PF/bridge firewall. TCP connection kill is useful on PF.

Examples on PF/bridge)

    pfctl -ss | grep xxx.xxx.xxx.xxx    (search client IP in state table)

    tcpkill -i fxp1 src host xxx.xxx.xxx.xxx and dst host xxx.xxx.xxx.xxx
                             (server IP)                  (client IP)

dsniff patch for PF/bridge)

--- pcaputil.c.orig Sat Nov 30 01:44:27 2002 +++ pcaputil.c Sat Nov 30 01:48:29 2002 @@ -73,7 +73,9 @@ } if (pcap_lookupnet(intf, &net, &mask, ebuf) == -1) { warnx("%s", ebuf); - return (NULL); + /* required for IP less machine */ + net = 0; + mask = 0; } if (pcap_compile(pd, &fcode, filter, 1, mask) < 0) { pcap_perror(pd, "pcap_compile");
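
Review bot: In the pcap_lookupnet() failure branch, the fallback to net = 0 and mask = 0 now applies to every lookup failure, not only to an interface that has no IP address, and the warnx() still prints on every start on an address-less bridge. The comment should say what the zero mask costs: in the visible lines mask is only passed on to pcap_compile(), where libpcap uses it for IPv4 broadcast matching, so a filter with a broadcast test will not match as intended, while host-based filters like the tcpkill example above are unaffected. Consider rewording the warning so it states that capture continues with an unknown netmask rather than reading like a fatal error.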