hi all
pfctl -k does kill a only state. it doesn't connection kill.
so, At yesterday i tested a tcpkill in dsniff on my test PF/bridge firewall.
tcp connection kill is a useful on PF.
examples on PF/bridge)
pfctl -ss | grep xxx.xxx.xxx.xxx
( search clent ip in state table)
Ok, I remember round-robin DNS, but if you ever had the need to change
entries for
DNS servers, and you then see what T-Online, AOL and other "ISP's" do with
your time
settings, you begin to ask if this really works, despite the fact, that you
normally to some
sort of caching for the DNS queries, a
On Fri, 29 Nov 2002, Stefan Sonnenberg-Carstens wrote:
> So, do you think it might be better to use ipfilter than pf on OpenBSD in
> that case ?
This feature ("round-robin sticky") is not in ipfilter 3.4.30 (released
this week), so it's only available in ipfilter 4.0 alpha.
To implement sticky b
[ wild cross-posting reduced to pf list ]
On Fri, Nov 29, 2002 at 10:21:22AM +0100, Stefan Sonnenberg-Carstens wrote:
> @Daniel Hartmeyer : is auto-detection of down hosts implemented in the
> load-balancing code
> in pf ?
No, that will be done by a userland daemon. As mentioned before, people
w
sorry, www.heise.de, not www.heisse.de !
- Original Message -
From: "Stefan Sonnenberg-Carstens" <[EMAIL PROTECTED]>
To: "Darren Reed" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, November 29, 2002 10:21 AM
Subject: Re: pf address pools
> So, do you thin
So, do you think it might be better to use ipfilter than pf on OpenBSD in
that case ?
And the next question is, is it useful to have a wide spread (more than on
IP subnet) servers
to do load-balancing on ?
After all, that is a feature, the BigIP supports and I know that atleast
www.heisse.de is usi