Hello, my name is chengang, I'm from China. Yesterday, I tried to test pf's
function and a problem happened. Details as follows.
1. The test environment
1) A server with OpenBSD 5.6 installed, which I gave the name "mySrv"; its IP
is "10.0.21.211".
2) A client with Windows7 installed, which I gave the name "myClt".
3) A pf config file including the following rules, with the name "pf.conf".
......
block all
pass in on $int_if proto icmp from <admin>
4) A pf config file including the following rules, with the name
"pf.conf.local".
......
block all
#pass in on $int_if proto icmp from <admin>
2. The procedure which causes the problem
1) Load the config file "pf.conf" on "mySrv".
2) Exec "ping 10.0.21.211 -t" on "myClt" in a "cmd" window; the result is
like the pic as follows, the icmp proto communication was passed.
3) Now, keeping the "ping" command running on "myClt", load the
config file "pf.conf.local" on "mySrv".
According to the rules set in "pf.conf.local", the icmp proto
communication should be blocked at this time.
But in fact, the communication was still passed, just as the above pic
shows.
So I wonder if pf itself has a problem or if I have a problem in my
operation.
3. Any operations to solve the problem
Afterwards I tried some operations to solve the above problem; finally I found
that if I first stop the "ping" command on "myClt" and wait a moment, just less
than 3 sec or more, then reload the file "pf.conf.local", the result perhaps was
correct.
Steps as shown below with the pic.
-----------------------------------------------------------------------------------------------------------------------
The above is my report of a problem, I guess; please verify it. Thank you
for your hard work. I like to use OpenBSD, so I wish the best for it.