Project

General

Profile

Actions

Bug #389

closed

modulate state

Added by bastyaelvtars over 17 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
PF
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

If I create a rule:
pass out quick on $iface proto tcp from any to any flags S/SA modulate state
the connections don't initiate. Replacing 'flags S/SA modulate state' to
'keep state' salvages this.

Actions #1

Updated by bastyaelvtars over 17 years ago

Update: some web pages just don't load, clients behind the firewall
cannot even connect to those particular servers (www.iwiw.hu for
example). Tcpdump shows nothing, when we disable pf, they load.

Actions #2

Updated by bastyaelvtars over 17 years ago

Behind my other bridge, the aforementioned page loads. I recall reports
on similar behaviour with OpenBSD 3.6, we did not have this with OpenBSD
3.7 and 3.8. I think the only salwage for this will be a PF update in
the base system, until then, I'll redirect the requests targeting this
(popular) website to an HTTP proxy.

Actions #3

Updated by bastyaelvtars over 16 years ago

The non-loadinbg web page issue seems to be fixed by Matt's commit:
http://leaf.dragonflybsd.org/mailarchive/commits/2007-08/msg00160.html
However, the 'modulate state' thing still does not work.

Actions #4

Updated by tuxillo about 11 years ago

  • Description updated (diff)
  • Status changed from New to Feedback
  • Assignee deleted (0)

Hi,

pf(4) was updated long after this bug ticket was opened. Can you please check it out in current master/release?

Thanks,
Antonio Huete

Actions #5

Updated by tuxillo almost 2 years ago

  • Description updated (diff)
  • Category set to PF
  • Status changed from Feedback to Closed
  • Assignee set to bastyaelvtars

Although pf was updated, no feedback was provided.

Actions

Also available in: Atom PDF