Perhaps I've misread the man page, but it's not obvious to me how to zero the PF counters. For example, 'pfctl -si' shows a non-zero congestion counter, and I'd like to clear that counter after I think the congestion issue is remedied. But I see no way to do that (apart from a reboot). How to do this?

Change in subject... One odd symptom I've experienced is that permitted users will log in (SSH) to a host behind the firewall successfully, work with the system for a few minutes, then get disconnected suddenly. When I TCP dump from the login host, I see his/her session established successfully and work begins. Then, a few minutes after successful flow of traffic in both directions, the user's desktop sends a long flurry of TCP resets as the connection is lost. When I disable PF (pfctl -d) on the firewall, the symptom vanishes. Now, if the ruleset had handled the TCP state wrongly, then I would have expected the TCP connection to not have survived long enough for the user to get several minutes of work done. The firewall's pflog (block log) shows no packets dropped for these connections, and there are no entries for packets dropped due to congestion. What's an interpretation of this? I am baffled for the moment.

Another change in subject... The PF man page gives meager detail about the congestion counter. And the only FAQ items for this that I can find are related to queueing (and I don't have queues in my ruleset). What is the meaning of a non-zero congestion counter, and what action is PF taking when the congestion counter is incremented?

Bill

--
William Bloom | Snr Systems Engineer | M P H A S I S Architecting Value | Eldorado Computing
5353 North 16th Street, Suite 400 Phoenix, Az 85016 | Direct: +11-602-604-3100 | Fax: +11-602-604-3115 | http://www.eldocomp.com

