On Thu, Nov 17, 2005 at 01:57:06PM -0500, Jon Hart wrote: > > If 'pf' is blocking new SYN packets because of an existing FIN-WAIT > > table entry for the same quad, that may be proper behavior, yet "too > > strict". > > I don't believe pf is doing the blocking here, and if it is it sure > isn't logging them as such. Based on what others have said and what > I've read, this is the kernel at work.
You can check if it's pf blocking them by running pfctl -si, see if the 'state-mismatch' counter (or any other, actually) is increasing with each SYN. If so, you can enable debug logging with pfctl -xm, then check /var/log/messages for line from pf. Daniel
