Bug #2586

pf: "modulate" state seems problematic

Added by srussell about 3 years ago.

Status:NewStart date:09/25/2013
Priority:NormalDue date:
Assignee:-% Done:


Target version:-


Since 2010, I got constant reboot problems while using some particular configuration for pf.

I finally found the root of the problem. I fixed it by replacing this configuration:

pass out on $ext_if inet proto { tcp udp icmp } all modulate state

with this:

pass out on $ext_if inet proto { tcp udp icmp } all keep state

It seems that de "modulate" state is problematic. Since I replaced it by "keep state", my firewall is working normally without panic or unwanted reboots.

My firewall server is using DragonFly v3.2.2.6.g1bd21-RELEASE in 32 bits.

Also available in: Atom PDF