In article <20170812123632.p7zgt2l4kz43y...@symphytum.spacehopper.org> you wrote: > On 2017/08/12 14:33, Walter Alejandro Iglesias wrote: > > In article <5127ac707aa6f...@server.roquesor.com> you wrote: > > > Hi Stuart, > > > > > > In article <slrnootn18.31bc....@naiad.spacehopper.org> you wrote: > > > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote: > > > > > Yesterday while copying a big file from one machine to another in my > > > > > LAN > > > > > I noticed that restarting pf: > > > > > > > > > > # pfctl -d && pfctl -e -f /etc/pf.conf > > > > > > > > > > scp stops and quits showing this message: > > > > > > > > > > - stalled - Conection reset by 192.168.1.* Lost connection > > > > > > > > > > > > > > > Is this expected or is a bug? > > > > > > > > > > > > > > > > > > > > > > > Expected. > > > > > > > > PF is a state-inspecting firewall and verifies things like TCP sequence > > > > numbers; it needs to see the initial connection handshake to pick up the > > > > wscale value. > > > > > > > > I would recommend just reloading the ruleset rather than disabling and > > > > re-enabling PF first. > > > > > > > > > > > > > > I have this rule: > > > > > > block in log quick inet proto tcp from <port22> to port ssh > > > > > > That reads IPs from a the "port22" file which is updated from a script > > > in a cronjob. I ignore which command to use to re-read that file > > > without causing the interrupt. > > > > > > > > > > > > > You mean doing only this? > > > > # pfctl -f /etc/pf.conf > > Yes. > >
I just tried it and works OK. Thank you very much.
