On Monday, 1 May 2017 19:29:23 CEST, Babak Farrokhi wrote:
> Hello,
>
> I was running an experiment with pf in which I encountered an unusual case.
>
> In a nat setup, is it okay to have multiple similar entries in the source
> tracking table?
>
> # pfctl -sS
> 192.168.232.1 -> 192.168.0.104 ( states 0, connections 0, rate 0.0/0s )
> 192.168.232.1 -> 192.168.0.104 ( states 0, connections 0, rate 0.0/0s )
> 192.168.232.1 -> 192.168.0.104 ( states 0, connections 0, rate 0.0/0s )
Such entries can be created from different rules in the currently loaded pf.conf (including multiple rules generated from a single line in pf.conf that contains a table of ports or interfaces, which gets expanded to multiple rules), or they can still be alive from a previous load of pf.conf.

> I can reproduce this behavior by reloading pf.conf

That is exactly the case. Each source tracking entry is bound to a rule, and when you load pf.conf a new set of rules replaces the old ones, even if they are the same.

-- 
| pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS |
| Kajetan Staszkiewicz  | jabber,email: vegeta()tuxpowered net   |
| Vegeta                | www: http://vegeta.tuxpowered.net      |
`------------------------^---------------------------------------'
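An added helper, not part of the thread, that parses the `pfctl -sS` line format quoted above and groups identical src -> dst pairs, so duplicate source-tracking entries left behind by a pf.conf reload can be spotted from the command output; the sample lines are constructed, and treating state-less duplicates as "likely stale" is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample of `pfctl -sS` output (not captured from a real host):
# three entries for the same pair, as seen after reloading pf.conf, plus one other.
SAMPLE_OUTPUT = """\
192.168.232.1 -> 192.168.0.104 ( states 0, connections 0, rate 0.0/0s )
192.168.232.1 -> 192.168.0.104 ( states 0, connections 0, rate 0.0/0s )
192.168.232.1 -> 192.168.0.104 ( states 2, connections 1, rate 0.5/10s )
192.168.232.7 -> 192.168.0.104 ( states 1, connections 1, rate 0.0/0s )
"""

# One line of `pfctl -sS`: "<src> -> <dst> ( states N, connections N, rate X/Ys )"
ENTRY_RE = re.compile(
    r"^\s*(?P<src>\S+)\s*->\s*(?P<dst>\S+)\s*\(\s*states\s+(?P<states>\d+),"
    r"\s*connections\s+(?P<conns>\d+),\s*rate\s+(?P<rate>\S+)\s*\)\s*$"
)


def parse_source_nodes(text):
    """Parse pfctl -sS output into a list of dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "src": m.group("src"),
            "dst": m.group("dst"),
            "states": int(m.group("states")),
            "connections": int(m.group("conns")),
            "rate": m.group("rate"),
        })
    return entries


def find_duplicates(entries):
    """Return {(src, dst): [entry, ...]} for every pair listed more than once.
    Each entry is bound to the rule that created it, so a reload can leave
    several entries for one pair until the old ones expire."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["src"], e["dst"])].append(e)
    return {k: v for k, v in groups.items() if len(v) > 1}


def likely_stale_count(entries):
    """Assumption: a duplicate entry holding no states is probably left over from an old ruleset."""
    return sum(1 for grp in find_duplicates(entries).values() for e in grp if e["states"] == 0)


if __name__ == "__main__":
    nodes = parse_source_nodes(SAMPLE_OUTPUT)
    for (src, dst), grp in find_duplicates(nodes).items():
        print(f"{src} -> {dst}: {len(grp)} entries, {sum(e['states'] for e in grp)} states in total")
```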