On Tue, 2006-11-14 at 15:59 +0000, Tobias Weingartner wrote:
> In article <[EMAIL PROTECTED]>, Chris Cameron wrote:
> > 
> >  I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by
> >  cat'ing lots of text over a telnet session.
> 
> Chances are that you're hitting some bug in 3.8, that has likely been
> fixed in 3.9, or 4.0.  Or the rule you're using to pass the traffic is
> wrong.  You using "keep state"?  Are you using 'flags S/SA' on that
> rule?

The firewall works fine, and has been working fine since 3.8 was
released. It's this one specific thing that kills it. I'm fairly certain
it isn't PF.

Upgrading isn't an option. I mean it is, but as soon as I say "Don't
know, let's just upgrade", that's a major hit to something that was tough
to get in in the first place. This will be a Firewall-1 shop again quite
quickly and any future thing I recommend isn't going to have much
weight.

> With the amount of information you've given, it is hard to even theorize
> what could be wrong.  People would need more information.

I mentioned this in my original email. What do you want for information?
Cause I'll post it if you think it'll help, but as I explained, I don't
believe it's PF. The entire machine acts as if nothing is wrong, so
short of including every single configuration file I've touched, and the
output of most system commands, I'm not certain of what to include.

I can disable and re-enable PF. I've turned on debugging in PF. PF
continues to work for the other 4 networks both natting and filtering. I
don't think this is the problem.



Chris

> --Toby.
