Steven wrote:
> * Jim <[EMAIL PROTECTED]> [060307 20:36]:
>> The problem is that if the kid is already logged into AOL Instant
>> Messenger, the connection is not broken. So even though she is
>> grounded, she can still chat all day on AIM. Why isn't this pf.conf
>> file blocking everything on that computer?
> I'm not anything of a pf expert, but shouldn't this be expected if
> you have keep state rules in your pf.conf? I mean, you've changed
> the rule-set, but the connection was set up before the change, and pf
> will want to keep allowing the packets from the connection to pass
> as a result.
>
> Just my $0.02 CDN, even with the current exchange rates, still not
> worth a lot. I'll let the real experts handle it from here. :-)
Aye. You're flushing rules and NAT, but not your state table. Since
the state is already established, rules aren't re-evaluated. Adding a
state flush ought to get AOL wiped out. Just be mindful that if you
have something going on (like an SSH session), those states will also
get nailed.
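
Added example (not part of the original message or thread): a shell script for the reload-then-flush sequence described above. It uses `pfctl -k` to kill only one host's states, so unrelated sessions such as SSH survive. The address 192.168.1.50, the `/etc/pf.conf` path, and the function and variable names are assumptions.

```shell
#!/bin/sh
# Reload pf rules, then remove only the blocked host's existing states.
# Assumed values (not from the thread): rules file /etc/pf.conf,
# blocked machine 192.168.1.50 (constructed address).
# Alternative: `pfctl -F states` flushes the whole state table, which
# also drops every other established connection through the firewall.

PF_CONF="${PF_CONF:-/etc/pf.conf}"
# DRY_RUN=1 (default) prints the pfctl commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only a dotted-quad IPv4 address so nothing else reaches pfctl.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

block_host_now() {
    host=$1
    valid_ipv4 "$host" || { echo "invalid address: $host" >&2; return 2; }
    # 1. Load the new ruleset; this only affects connections created later.
    run pfctl -f "$PF_CONF" || return 1
    # 2. Kill states originating from the host (sessions it opened).
    run pfctl -k "$host" || return 1
    # 3. Kill states from any source to the host (sessions opened to it).
    run pfctl -k 0.0.0.0/0 -k "$host" || return 1
}

# Usage (as root, after sourcing this file):
#   DRY_RUN=0 block_host_now 192.168.1.50
```

Afterwards, `pfctl -s states` lists the remaining state entries, so you can confirm none still reference the blocked host.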