On Wednesday 31 May 2006 19:03, Diego Linke wrote:

> Alexey,
>
> >              A network prefix length of 0 can be used as a wildcard.  To
> > kill all states with the target ``host2'':
> >
> >              # pfctl -k 0.0.0.0/0 -k host2
> >
> > so why don't you kill all states to the dead pool member right after
> > removing it from the <lb> table?
>
> This does not work!
> The problem is that this command erases the STATES; however, the SOURCE
> is kept.

Previously, you referred to this quote from pfctl.conf(5):

     Additionally, the sticky-address option can be specified to help ensure
     that multiple connections from the same source are mapped to the same
     redirection address.  This option can be used with the random and round-
     robin pool options.  Note that by default these associations are de-
     stroyed as soon as there are no longer states which refer to them; in or-
     der to make the mappings last beyond the lifetime of the states, increase
     the global options with set timeout source-track See STATEFUL TRACKING
     OPTIONS for more ways to control the source tracking.

So I think you broke pfctl -k by explicitly specifying src.track. Why do you
need src.track?