Tr0go [EMAIL PROTECTED] writes:
Is there a way to set a timeout setting for a given pf table?
On my list of things to look into Real Soon Now is a utility which
should fit the bill: expiretable. expiretable lives at
http://expiretable.fnord.se/ and has made it into the ports system.
--
Peter
Thank you all for your good suggestions and explanations! :-)
I have a very long list; mine has never blanked out. Matter of fact,
because of policy I started using cron to pipe it to a flat file and
clear it out myself, but before that I know I had 40 days or more of IPs
in that list which
On Thu, Feb 02, 2006 at 08:53:50AM +0100, Tr0go wrote:
My ISP is resetting the line every 20 hours. So it automatically runs
ppp.linkdown, which restarts pf with new parameters as tun0 gets a new
IP address and pf rules need to be updated... and THAT is the problem.
You're not running pfctl -Fa
Tr0go [EMAIL PROTECTED] writes:
My ISP is resetting the line every 20 hours. So it automatically runs
ppp.linkdown, which restarts pf with new parameters as tun0 gets a new
IP address and pf rules need to be updated... and THAT is the problem.
Isn't that what the (interface) notation is supposed
Hi,
a friend of mine said he had stumbled over a commit message about PF
allowing for other applications to inspect packets on the fly. Can
someone confirm this, or is he completely wrong?
Magne
top post... ok
I *think* I have tracked it down...
I had dmz4-dmz6 100% configured but no cables connected to the switch. The
carp interfaces for them were in init state as they could not talk to each
other. Although it all seemed to work as it should for all other interfaces.
This means all
Right. When preempt is set any carp interface which has a real interface
down causes all carps to use 240 for the skew. At this point I think it is
simply a race to see which interface takes MASTER. That is why I used
preempt on only one FW. This ensures that, in a situation like the one
As I understand it, preempt is all or nothing. So if I have FW's configured
like,
      ISP switch
      /         \
     |           |
    FW1-- DMZ --FW2   [That's one DMZ switch]
     |  switch   |
      \         /
      LAN switch
If I wish FW1 to be primary and FW2 to be secondary I set advskew on FW1 to
be