hi all
pfctl -k does kill a only state. it doesn't connection kill.
so, At yesterday i tested a tcpkill in dsniff on my test PF/bridge firewall.
tcp connection kill is a useful on PF.
examples on PF/bridge)
pfctl -ss | grep xxx.xxx.xxx.xxx
( search clent ip in state table)
tcpkill -i fxp1 src host xxx.xxx.xxx.xxx and dst host xxx.xxx.xxx.xxx
( server ip) ( client ip)
dsniff patch for PF/bridge)
--- pcaputil.c.orig Sat Nov 30 01:44:27 2002
+++ pcaputil.c Sat Nov 30 01:48:29 2002
@@ -73,7 +73,9 @@
}
if (pcap_lookupnet(intf, &net, &mask, ebuf) == -1) {
warnx("%s", ebuf);
- return (NULL);
+ /* required for IP less machine */
+ net = 0;
+ mask = 0;
}
if (pcap_compile(pd, &fcode, filter, 1, mask) < 0) {
pcap_perror(pd, "pcap_compile");