hi sashan, On Thu, Dec 29, 2022 at 02:17:58AM +0100, Alexandr Nedvedicky wrote: > Hello Tamas, [...] > I can confirm you are hitting the same issue as pointed out > by Hrvoje. dlg@ came with better fix which has been committed [1] > two weeks ago to current.
Thanks, this is great news! :) > if upgrading to snapshots is not an option for you. can you give > a try to patch below? it's dlg's commit merged to 7.2. There is > some divergence between current and 7.2 (*_state_import()) got > moved from if_pfsync.c to pf.c in current. I had to craft that > part of diff manually. > > thanks a lot for your help I am going to advise the team operating the firewall. I have 2 goals: . have the issue fixed (and get the hosts stable) . end up with something that is upgradable (e.g.: syspatch) in a reasonable way (and probably have the fix available for others) If applying the patch to 7.2 helps with the testing to get a syspatch out that would be probably the best. Regards, Tamás --
