
OpenBSD PF rules refresh
Can I always safely reload the rules and expect it to not drop any current active connections?

I've done testing that shows it works, but I'd rather see something in the docs or FAQ that supports that statement.
You have to use this kind of thing.
table <id439E4021.2> { FWexternIP , FWinternIP }

pass in quick inet proto tcp from yourIP to <id439E4021.2> port 22 modulate state label "RULE -1 -- ACCEPT "

I am assuming you have already done tables? pfctl can and does do tables. You should put these two lines first.

That will never deny access from that IP. The <id439E4021.2> is an arbitrary number. It could have been <id11111111.1> or <1fishingtime>

I am not sure about it severing connections and making them re-connect. Though, I have never heard of it doing that.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
Edited by folkert Dec. 9, 2005, 02:29:26 PM EST
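A reload check in the spirit of the question above, added here as an example and not part of the original thread. It assumes OpenBSD's pfctl(8) (-n parses only, -f loads, -s info prints state statistics); the pfctl -s info text embedded at the bottom is a constructed sample so the parser can be exercised without a running firewall.

```shell
#!/bin/sh
# Reload a PF ruleset without flushing the state table and report whether the
# number of tracked states changed across the reload. "pfctl -f" replaces the
# rules but keeps existing states; "pfctl -F state" is what drops connections.

# Read "pfctl -s info" text on stdin, print the "current entries" count.
# Exits non-zero if the line is absent (unexpected output format).
pf_state_count() {
    awk '/current entries/ { print $3; found = 1 } END { exit !found }'
}

# Reload $1 (default /etc/pf.conf). Syntax-check first so a broken file never
# replaces a working ruleset, then compare state counts before and after.
pf_reload() {
    conf="${1:-/etc/pf.conf}"
    pfctl -n -f "$conf" || { echo "syntax error in $conf, not loading" >&2; return 1; }
    before=$(pfctl -s info | pf_state_count) || return 1
    pfctl -f "$conf" || return 1
    after=$(pfctl -s info | pf_state_count) || return 1
    echo "states before=$before after=$after"
    # States shrink legitimately as connections time out; a sharp drop right
    # after a reload is the thing to investigate (e.g. an accidental -F).
    [ "$after" -lt "$before" ] && echo "warning: state count fell across reload" >&2
    return 0
}

# Constructed sample of "pfctl -s info" output (not captured from a real host).
SAMPLE_INFO='Status: Enabled for 0 days 00:05:12           Debug: err

State Table                          Total             Rate
  current entries                       42
  searches                            9001            0.0/s
  inserts                               57            0.0/s
  removals                              15            0.0/s'

# Self-check helper: parse the constructed sample.
sample_state_count() {
    printf '%s\n' "$SAMPLE_INFO" | pf_state_count
}
```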