One of the sites that I maintain is moving to a different firewall.
WatchGuard Firebox X1000. None of the full time admins can work with vi for
system changes.
This is a feature on the firewall. If attempts are made on ports that are
close, all ports will be blocked for about 20 minutes.
Don't
> pass in on $ext_if from $box_admins to any keep state
No longer getting disconnected !!!
Thank you so much :)
On Thu, 2005-08-04 at 19:30, Thomas T. Veldhouse wrote:
> Rod wrote:
>
> >Hi,
> >
> >I was wondering if anyone has come across this before.
> >
> >I'm running FreeBSD 5
Rod wrote:
Hi,
I was wondering if anyone has come across this before.
I'm running FreeBSD 5.4-RELEASE running PF from rc.conf. I ssh into this
box as a non-root user then su. On doing a ps -auwx I instantly get
disconnect with Connection to 192.168.2.3 closed by remote host.
Connection to 192
Thanks for that here's the output, currently looking down the path that
maybe it's ssh miss-behaving
pfctl -xm:
No ALTQ support in kernel
ALTQ related functions disabled
debug level set to 'misc'
pfctl -si:
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00
On Thu, Aug 04, 2005 at 06:48:23PM +0100, Rod wrote:
> Have tried lists,google and multiple different variations of the above
> pf.conf but it's still happening. Any suggests?
Enable debug logging in pf (pfctl -xm), make sure all blocked packets
are logged and pflogd is running. Print the current
Hi,
I was wondering if anyone has come across this before.
I'm running FreeBSD 5.4-RELEASE running PF from rc.conf. I ssh into this
box as a non-root user then su. On doing a ps -auwx I instantly get
disconnect with Connection to 192.168.2.3 closed by remote host.
Connection to 192.168.2.3 close
BB wrote:
If a host is sending packets on ports that aren't even open can it
temporarily close all connections to this host.
I don't think this a task pf itself should do but you can implement
something to monitor connections attemps on closed ports and then
inspect the pf's state table (pfc
Sorry about the mis-attribution. The idea was Karl's. Here's the
implementation, just in case anyone wants to patent it, there's already
prior art now :P
This is against -current, test feedback welcome.
Daniel
Index: pf.c
===
RCS f
