Hello, I run FreeBSD 6.2; FreeBSD 6.1 gives the same result.
When I run pfctl -k target_ip I expect that every state with target_ip will
be killed, but states are killed only if target_ip is the source.
The source address is the one located on the left in the pfctl -ss output,
rather than the one indicated by the arrow.
Example:
FreeBSD-GW# pfctl -ss
self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80 ESTABLISHED:ESTABLISHED
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 192.168.17.238
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW# pfctl -k 64.233.183.147
killed 1 states from 1 sources and 0 destinations
FreeBSD-GW# pfctl -ss
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
FreeBSD-GW#
The task would be solved if we could kill all the states where the
destination is target_ip.
For example, on OpenBSD, by running the command:
# pfctl -k 0.0.0.0/0 -k 192.168.2.238
but my computer has responded:
pfctl: getaddrinfo: hostname nor servname provided, or not known
I hope for your help in solving this problem.
--
Sorry for my English!
Sincerely,
Byzov Alexander mailto : [EMAIL PROTECTED]
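
An added example, not part of the original post: a small filter over `pfctl -ss` output that shows which states mention an address as the leftmost address (the only ones the post saw `pfctl -k` remove) and which mention it elsewhere. The function names are hypothetical, the sample is the post's own three state lines, and it assumes IPv4 `addr:port` tokens in the layout shown above.

```shell
#!/bin/sh
# Constructed sample: the three state lines quoted in the post.
sample_states() {
cat <<'EOF'
self tcp 192.168.17.238:1766 -> 217.17.178.234:57229 -> 64.233.183.147:80 ESTABLISHED:ESTABLISHED
self tcp 64.233.183.147:80 <- 192.168.17.238:1766 ESTABLISHED:ESTABLISHED
self tcp 192.168.17.200:22 -> 192.168.17.238:1305 ESTABLISHED:ESTABLISHED
EOF
}

# classify_states IP
# Reads `pfctl -ss` lines on stdin. For every state that mentions IP, prints
# "left<TAB>line" when IP is the leftmost address, "other<TAB>line" otherwise.
classify_states() {
    awk -v ip="$1" '
    function host(s) { sub(/:[0-9]+$/, "", s); return s }   # strip ":port"
    {
        n = 0
        for (i = 3; i <= NF; i++) {          # skip interface and protocol
            if ($i !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/) continue
            addr[++n] = host($i)             # arrows and state names are skipped
        }
        if (n == 0) next
        if (addr[1] == ip) { print "left\t" $0; next }
        for (j = 2; j <= n; j++)
            if (addr[j] == ip) { print "other\t" $0; next }
    }'
}

# count_states IP POSITION   (POSITION is "left" or "other")
count_states() {
    classify_states "$1" |
        awk -F'\t' -v pos="$2" '$1 == pos { c++ } END { print c + 0 }'
}

# Demo on the constructed sample; on a live gateway feed it real output:
#   pfctl -ss | classify_states 192.168.17.238
sample_states | classify_states 192.168.17.238
```

States reported as "other" are the ones that were still listed after `pfctl -k 192.168.17.238` in the session above.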