Bug #2586

pf: "modulate" state seems problematic

Added by srussell 10 months ago.

Status:NewStart date:09/25/2013
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Since 2010, I got constant reboot problems while using some particular configuration for pf.

I finally found the root of the problem. I fixed it by replacing this configuration:

pass out on $ext_if inet proto { tcp udp icmp } all modulate state

with this:

pass out on $ext_if inet proto { tcp udp icmp } all keep state

It seems that de "modulate" state is problematic. Since I replaced it by "keep state", my firewall is working normally without panic or unwanted reboots.

My firewall server is using DragonFly v3.2.2.6.g1bd21-RELEASE in 32 bits.

Also available in: Atom PDF