Thank you for your replies so far.
Interestingly enough, killing off stateful
filtering seems to have done the
trick.
The router happens to be running BGP
along with another couple of OpenBSD boxes
also running BGP.
After much
extensive digging, I eventually found this little paragraph
I had an issue like this a couple years ago. Turned out that the
Solaris box I was SSH-ing into had NWAM misconfigured, which was causing
it to periodically reset connections. It looked like a PF issue because
what I saw was PF blocking a session it had previously accepted, but the
reality
I have
tried the following more specific pass rule above the previous admin rule
:
pass in quick inet proto tcp from admin_nets to any port ssh flags
S/SAFR
keep
state queue q_admin
But that makes no difference.
Is it under testing or production?
Is it possible to remove *queue q_admin*
Hello list,
At the top of my pf.conf, I have the following :
pass in quick
inet from admin_nets to any queue q_admin
And right at the bottom :
block
in log quick to server_interfaces
I can establish an SSH connection with
no problem. But consistently after
about 30 seconds, my session
4 matches
Mail list logo
