Re: Alternative to security/expiretable

2021-03-12 Thread Miroslav Lachman
On 12/03/2021 17:07, mike tancsa wrote: Hi All, Does anyone know of any equiv of expire table from the ports ? It's now broken on RELENG_12 and 13.x https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253547 You can use pfctl with command expire: # pfctl -v -t $table -T expire $ttl Mirosl

Alternative to security/expiretable

2021-03-12 Thread mike tancsa
Hi All, Does anyone know of any equiv of expire table from the ports ? It's now broken on RELENG_12 and 13.x https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253547 ---Mike ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mail

Re: pflog and reason

2021-03-12 Thread mike tancsa
On 3/12/2021 12:25 AM, Max wrote: > You can use overload option. > "With the overload state option, source IP addresses which hit > either of the limits on established connections will be added to the > named table." > > pass out log quick on $if_lan inet proto tcp to $rdp_int port rdp keep > stat

Re: pfctl segmentation fault in pfctl_optimize.c

2021-03-12 Thread Kristof Provost
On 12 Mar 2021, at 14:00, Patrick Lamaiziere wrote: I've read the code of pfctl a bit. If pfctl crashes in pfctl_optimize_ruleset, is there a risk to leave pf in a bad state ? Looks like the rules are sent to pf via ioctl after the optimization so a crash before should be harmless (?). That s

Re: pfctl segmentation fault in pfctl_optimize.c

2021-03-12 Thread Patrick Lamaiziere
On Wed, 10 Mar 2021 20:48:15 +0100 "Kristof Provost" wrote: Hello, > > FreeBSD 11.4-RELEASE-p3 / amd64 > > > > Yesterday while loading a ruleset, pfctl core dumped with a > > segmentation fault (see gdb below) > > > > We are recently using some big tables so maybe this is what > > triggered the