On 2017/08/12 14:33, Walter Alejandro Iglesias wrote:
> In article <5127ac707aa6f...@server.roquesor.com> you wrote:
> > Hi Stuart,
> > 
> > In article <slrnootn18.31bc....@naiad.spacehopper.org> you wrote:
> > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> > > > Yesterday while copying a big file from one machine to another in my LAN
> > > > I noticed that restarting pf:
> > > >
> > > >   # pfctl -d && pfctl -e -f /etc/pf.conf
> > > >
> > > > scp stops and quits showing this message:
> > > >
> > > > >   - stalled - Connection reset by 192.168.1.*  Lost connection
> > > >
> > > >
> > > > > Is this expected or is it a bug?
> > > >
> > > >
> > > >
> > > 
> > > Expected.
> > > 
> > > PF is a state-inspecting firewall and verifies things like TCP sequence
> > > numbers; it needs to see the initial connection handshake to pick up the
> > > wscale value.
> > > 
> > > I would recommend just reloading the ruleset rather than disabling and
> > > re-enabling PF first.
> > > 
> > > 
> > 
> > I have this rule:
> > 
> > block in log quick inet proto tcp from <port22> to port ssh
> > 
> > > That reads IPs from the "port22" file, which is updated from a script
> > > in a cronjob.  I don't know which command to use to re-read that file
> > > without causing the interrupt.
> > 
> > 
> > 
> 
> You mean doing only this?
> 
> # pfctl -f /etc/pf.conf

Yes.
