Hello pf,
I don't know if it's a bug or not.
I'm doing the following. Sitting on 192.168.114.38.
1. set 'max 1' in a rule
flare# pfctl -Fa -e -Rf /home/bullet/pf.conf-max-text
rules cleared
nat cleared
altq cleared
states cleared
pf: statistics cleared
0 tables deleted.
pfctl: pf already enabled
flare# pfctl -sr
block drop in on rl0 inet proto tcp from 192.168.114.134 to any
pass in on rl0 inet proto tcp from 192.168.114.134 to 192.168.114.38 \
port = ssh flags S/SA keep state (max 1)
2. connecting from 192.168.114.134
flare# pfctl -ss
tcp 192.168.114.38:22 <- 192.168.114.134:8750 ESTABLISHED:ESTABLISHED
The second connection fails on timeout. Seems all works fine.
3. reload rules (w/ no changes)
flare# pfctl -f /home/bullet/pf.conf-max-text
flare# pfctl -sr
block drop in on rl0 inet proto tcp from 192.168.114.134 to any
pass in on rl0 inet proto tcp from 192.168.114.134 to 192.168.114.38 \
port = ssh flags S/SA keep state (max 1)
4. and now I can connect once more
flare# pfctl -ss
tcp 192.168.114.38:22 <- 192.168.114.134:8750 ESTABLISHED:ESTABLISHED
tcp 192.168.114.38:22 <- 192.168.114.134:21490 ESTABLISHED:ESTABLISHED
OK, I can do
pfctl -Fs -f /home/bullet/pf.conf-max-text
but it will drop my existing connections.
So is this normal behaviour or not?
--
Dmitriy Medvedev
JSC "Oganer-service"
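Added illustration (not pf source and not part of the post): a small Python model of the accounting behind the four steps above. It assumes what the observation suggests, namely that `max N` is checked against a live-state counter that belongs to the rule object which created the state, and that a `pfctl -f` reload installs fresh rule objects while the existing states keep pointing at (and being counted against) the old ones. All rule and state classes, `PfModel`, `ruleset()` and `reproduce()` are constructed here for the illustration; the addresses and ports are the ones from the post.

```python
"""Model of pf's per-rule `max` state limit across a `pfctl -f` reload.

Added illustration, not pf code. Assumption modelled: each state keeps a
reference to the Rule object that created it, `max` is enforced against
that object's live-state counter, and a reload replaces the ruleset with
new Rule objects whose counters start at zero.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    action: str                         # "pass" or "block"
    src: str                            # source address the rule matches
    dport: Optional[int]                # destination port, None = any
    max_states: Optional[int] = None    # the `max N` option, None = unlimited
    states_cur: int = 0                 # live states created by THIS rule object

    def matches(self, src: str, dport: int) -> bool:
        return src == self.src and (self.dport is None or dport == self.dport)


@dataclass
class State:
    src: str
    sport: int
    dport: int
    rule: Rule      # reference to the creating rule object, not a rule number


class PfModel:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.states: List[State] = []

    def load_rules(self, rules: List[Rule]) -> None:
        """pfctl -f: the new ruleset replaces the old one. Existing states still
        reference the old Rule objects, so their counters are untouched and the
        freshly loaded rule starts with states_cur == 0."""
        self.rules = rules

    def flush_states(self) -> None:
        """pfctl -Fs: every state goes and each creating rule's counter drops."""
        for s in self.states:
            s.rule.states_cur -= 1
        self.states.clear()

    def expire(self, state: State) -> None:
        """A state timing out or closing releases the slot on ITS rule object,
        which after a reload is the old rule, not the one now being evaluated."""
        self.states.remove(state)
        state.rule.states_cur -= 1

    def syn(self, src: str, sport: int, dport: int) -> bool:
        """Evaluate a new SYN; last matching rule wins (no `quick`).
        Returns True if a state was created, False if the packet is dropped."""
        winner = None
        for r in self.rules:
            if r.matches(src, dport):
                winner = r
        if winner is None or winner.action != "pass":
            return False
        if winner.max_states is not None and winner.states_cur >= winner.max_states:
            return False        # limit reached: no state, packet dropped
        winner.states_cur += 1
        self.states.append(State(src, sport, dport, winner))
        return True


def ruleset() -> List[Rule]:
    """The two rules from the post, built as fresh objects on every call,
    exactly as a reload would install them."""
    return [
        Rule("block", "192.168.114.134", None),
        Rule("pass", "192.168.114.134", 22, max_states=1),
    ]


def reproduce() -> List[bool]:
    """Replay steps 2 to 4 from the post plus the `-Fs` fix; returns the
    outcome of each SYN in order."""
    pf = PfModel(ruleset())
    out = []
    out.append(pf.syn("192.168.114.134", 8750, 22))    # step 2: first ssh passes
    out.append(pf.syn("192.168.114.134", 8751, 22))    # second ssh dropped (max 1)
    pf.load_rules(ruleset())                            # step 3: reload, no changes
    out.append(pf.syn("192.168.114.134", 21490, 22))   # step 4: passes again
    out.append(pf.syn("192.168.114.134", 21491, 22))   # new rule is now full too
    pf.flush_states()                                   # pfctl -Fs -f pf.conf
    out.append(pf.syn("192.168.114.134", 9000, 22))    # limit enforced afresh
    return out


def live_states_after_reload() -> int:
    """Two established sessions from one host despite `max 1`, as in step 4."""
    pf = PfModel(ruleset())
    pf.syn("192.168.114.134", 8750, 22)
    pf.load_rules(ruleset())
    pf.syn("192.168.114.134", 21490, 22)
    return len(pf.states)
```

Under this model the number of connections a host can hold after a reload is the old rule's still-live states plus the new rule's `max`, and expiring one of the old states does not free a slot on the rule currently being evaluated; only `pfctl -Fs` (or waiting for every pre-reload state to expire) brings the host back to the intended limit, at the cost of the existing connections, which is the trade-off the post describes.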