On 2005-06-09 13:48, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
> >
> > If you add "quick" to the `block from <badhosts>' rule, packets from
> > these hosts will immediately be dropped -- which is what you probably
> > want to do, if I have understood what you wrote so far.
>
> OK, I've added quick to the rule (surprised I forgot it there).  Here's the
> new rule: block drop quick on fxp0 from <badhosts> to any.  Now, when I send
> ICMP packets to that host (for testing), I *still* get them back but with an
> extreme amount of loss.  If I comment the rule, the loss disappears.
>
> I'm at a loss as to why the traffic still isn't dropped.

Existing icmp states?  Did you reload the rules with:

    /etc/rc.d/pf reload

or by directly running pfctl?

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
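
The following is an added example, not part of the original thread and not pf source code: a simplified Python model of pf's evaluation order (state table first, then last-match-wins rules where "quick" stops evaluation), showing how a state created before the new rule was loaded can keep passing packets. The trailing `pass ... keep state` rule, the addresses and the `Firewall` class are assumptions made for illustration; the thread does not show the rest of the ruleset.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str              # "pass" or "block"
    src_table: str = None    # None matches any source
    quick: bool = False
    keep_state: bool = False

class Firewall:
    """Toy model: state is keyed on protocol plus the unordered address pair.
    Real pf also tracks ICMP ids, ports, interfaces and timeouts."""
    def __init__(self, rules, tables):
        self.rules, self.tables, self.states = rules, tables, set()

    def load(self, rules, flush_states=False):
        # Loading a new ruleset leaves the state table alone unless flushed.
        self.rules = rules
        if flush_states:
            self.states.clear()

    def filter(self, proto, src, dst):
        key = (proto, frozenset((src, dst)))
        if key in self.states:           # state hit: the ruleset is not consulted
            return "pass (state)"
        verdict, chosen = "pass", None   # implicit default when nothing matches
        for rule in self.rules:
            if rule.src_table and src not in self.tables[rule.src_table]:
                continue
            verdict, chosen = rule.action, rule   # last matching rule wins...
            if rule.quick:                        # ...unless it is "quick"
                break
        if verdict == "pass" and chosen and chosen.keep_state:
            self.states.add(key)
        return verdict

BAD, ME = "192.0.2.66", "198.51.100.10"   # constructed documentation addresses

def demo():
    tables = {"badhosts": {BAD}}
    old = [Rule("block", "badhosts"), Rule("pass", keep_state=True)]
    new = [Rule("block", "badhosts", quick=True), Rule("pass", keep_state=True)]
    fw = Firewall(old, tables)
    results = [fw.filter("icmp", BAD, ME)]      # no quick: later pass rule wins
    fw.load(new)                                # add quick, keep states
    results.append(fw.filter("icmp", BAD, ME))  # old state still matches
    fw.load(new, flush_states=True)             # reload and clear states
    results.append(fw.filter("icmp", BAD, ME))  # quick block now applies
    return results

if __name__ == "__main__":
    print(demo())
```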