Hello, Using pf on -current doing nat and I want to kill all of the states related to a specific internal IP address but I'm having an issue doing so.
I have as an example (79.39.147.11 is the outside IP from the ISP):

  # pfctl -ss | grep '1\.100'
  all tcp 79.39.147.11:53190 (192.168.1.100:58853) -> 67.2.45.22:12510 ESTABLISHED:ESTABLISHED
  all tcp 79.39.147.11:62777 (192.168.1.100:40664) -> 26.217.28.131:25794 ESTABLISHED:ESTABLISHED
  all tcp 79.39.147.11:58425 (192.168.1.100:39548) -> 33.127.87.221:24324 ESTABLISHED:ESTABLISHED

None of the wildcard scenarios associated with the internal address will kill the above states:

  pfctl -k 192.168.1.100 -k 0.0.0.0/0
  pfctl -k 0.0.0.0/0 -k 192.168.1.100

I can use:

  pfctl -k 79.39.147.11 -k 67.2.45.22

or:

  pfctl -k 0.0.0.0/0 -k 67.2.45.22

but each connected outside IP address must be specifically specified. Not so bad if it was only 3 addresses, but that's not the case.

I'm not even quite sure what those states mean - why is the internal address in ()?

If memory serves (be kind, it doesn't always) the "old pf" had states like:

  all tcp 192.168.1.100:58853 -> 67.2.45.22:12510
  all tcp 67.2.45.22:12510 <- 192.168.1.100

where the internal address didn't show up in parens, and it was easy to kill all of the states related to a specific internal IP address. It seems that is now impossible (at least I haven't figured it out yet).

Thanks for any assistance,
Chris
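As an added example (not part of Chris's post and not OpenBSD's own code), the following POSIX shell helper automates the workaround the post describes: it parses `pfctl -ss` output, collects the remote addresses of every state whose pre-NAT source (the address shown in parentheses) is the given internal host, and then issues one `pfctl -k 0.0.0.0/0 -k PEER` per remote peer. The state lines embedded in `SAMPLE_STATES` are constructed, modelled on the three lines in the post plus two extra lines to show de-duplication and a second internal host; the `-ss` field layout and IPv4-only addresses are assumptions.

```shell
#!/bin/sh
# Constructed sample of `pfctl -ss` output (modelled on the post's lines; not real data).
# Field layout assumed: <if> <proto> <post-NAT src> (<pre-NAT src>) -> <dst> <state>
SAMPLE_STATES='all tcp 79.39.147.11:53190 (192.168.1.100:58853) -> 67.2.45.22:12510 ESTABLISHED:ESTABLISHED
all tcp 79.39.147.11:62777 (192.168.1.100:40664) -> 26.217.28.131:25794 ESTABLISHED:ESTABLISHED
all tcp 79.39.147.11:58425 (192.168.1.100:39548) -> 33.127.87.221:24324 ESTABLISHED:ESTABLISHED
all tcp 79.39.147.11:50101 (192.168.1.101:41000) -> 67.2.45.22:443 ESTABLISHED:ESTABLISHED
all udp 79.39.147.11:5353 (192.168.1.100:5353) -> 26.217.28.131:53 MULTIPLE:MULTIPLE'

# peers_of INTERNAL_IP STATE_TEXT
# Prints, one per line and de-duplicated, the remote addresses of every outbound
# state whose pre-NAT source address (the parenthesised field) is INTERNAL_IP.
# Exact string comparison is used rather than a regex so dots in the IP are literal.
peers_of() {
    internal=$1
    states=$2
    printf '%s\n' "$states" | awk -v ip="$internal" '
        {
            f = $4
            sub(/^\(/, "", f)          # strip leading "("
            sub(/:[0-9]+\)$/, "", f)   # strip ":port)"
            if (f == ip && $5 == "->") {
                split($6, dst, ":")    # remote side is "addr:port"
                print dst[1]
            }
        }' | sort -u
}

# kill_states_for INTERNAL_IP STATE_TEXT [RUNNER]
# Issues the per-peer wildcard kill the post settles on. RUNNER is a hypothetical
# dry-run prefix: pass "echo" to print the commands instead of executing pfctl.
# Real use on the firewall:  kill_states_for 192.168.1.100 "$(pfctl -ss)"
kill_states_for() {
    internal=$1
    states=$2
    runner=${3:-}
    for peer in $(peers_of "$internal" "$states"); do
        $runner pfctl -k 0.0.0.0/0 -k "$peer"
    done
}

# Dry run against the constructed sample: prints three pfctl commands.
kill_states_for 192.168.1.100 "$SAMPLE_STATES" echo
```

One caveat worth keeping in mind when using this workaround: `pfctl -k 0.0.0.0/0 -k PEER` matches on the post-NAT side, so it removes every state to that peer, including those belonging to other internal hosts (in the sample above, 192.168.1.101's connection to 67.2.45.22 is dropped along with 192.168.1.100's). The helper reduces the typing, not the collateral effect.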