on the
other side. All my routers are openbsd 4.4-current, armed with BGPd and
PF
enabled. This may got something todo with stateful nature of PF, which
I'm
I think you might find PF's 'sloppy' states useful if the problem is
only when using more than one upstream.
C.
Hi,
I read man [5] pf.conf
* Ted Unangst [EMAIL PROTECTED] [2008-06-20 20:50]:
One would only use sloppy state tracking on the load balancer, right?
not necessarily only, but that would be the most common use I bet.
In general, you use it when you cannot avoid it, as in, the other
option is to not filter stateful at
* Ted Unangst [EMAIL PROTECTED] [2008-06-20 20:50]:
One would only use sloppy state tracking on the load balancer, right?
not necessarily only, but that would be the most common use I bet.
In general, you use it when you cannot avoid it, as in, the other
option is to not filter stateful at all
One would only use sloppy state tracking on the load balancer, right?
The firewall in front of everything still uses normal tracking?
* Ted Unangst ([EMAIL PROTECTED]) wrote:
One would only use sloppy state tracking on the load balancer, right?
The firewall in front of everything still uses normal tracking?
Yes, you use sloppy state only on the host(s) seeing half of the trafic.
On Fri, Jun 20, 2008 at 08:58:36PM +0200, Pierre-Yves Ritschard wrote:
* Ted Unangst ([EMAIL PROTECTED]) wrote:
One would only use sloppy state tracking on the load balancer, right?
The firewall in front of everything still uses normal tracking?
Yes, you use sloppy state only on the
On Fri, Jun 20, 2008 at 12:49:43PM -0700, Darrin Chandler wrote:
Yes, you use sloppy state only on the host(s) seeing half of the trafic.
So to say it even more plainly... anywhere you are forced to deal with
asymetric routing you can use sloppy state in place of not having any
stateful
On Fri, Jun 20, 2008 at 02:47:18PM -0400, Ted Unangst wrote:
| One would only use sloppy state tracking on the load balancer, right?
| The firewall in front of everything still uses normal tracking?
This is why the router should also be running pf/OpenBSD ;)
Cheers,
Paul 'WEiRD' de Weerd
--
On Sat, Jun 21, 2008 at 09:12:22AM +0900, Ryan McBride wrote:
On Fri, Jun 20, 2008 at 12:49:43PM -0700, Darrin Chandler wrote:
Yes, you use sloppy state only on the host(s) seeing half of the trafic.
So to say it even more plainly... anywhere you are forced to deal with
asymetric
handling is taking care about half connection
closing now.
can you guess how much reyk was prodding me for the sloppy states? :)
I'm looking around and don't quite get sloppy states. Looking at the code
isn't quite helping. Anything else I can read?
--STeve Andre'
I'm looking around and don't quite get sloppy states. Looking at the code
isn't quite helping. Anything else I can read?
--STeve Andre'
I also would like some insight on ,
1:) exactly what is sloppy states meant to do
2:) what are some specific instances where we should use sloppy states
3
* Sam Fourman Jr. [EMAIL PROTECTED] [2008-06-11 04:41]:
I also would like some insight on ,
1:) exactly what is sloppy states meant to do
2:) what are some specific instances where we should use sloppy states
that has just been explained. comes down to don't.
3:) what is a case where
the hack to modify the closing timeout because
pf's sloppy state handling is taking care about half connection
closing now.
can you guess how much reyk was prodding me for the sloppy states? :)
I'm looking around and don't quite get sloppy states. Looking at the code
isn't quite helping
On Tuesday 10 June 2008 22:42:26 Henning Brauer wrote:
[snip]
I'm looking around and don't quite get sloppy states. Looking at the
code isn't quite helping. Anything else I can read?
like, pf.conf(5)?
sloppy
Uses a sloppy TCP connection tracker that does not check
14 matches
Mail list logo
