both my sparc64 and amd64 have this in their pf.conf

```
...
table <nasty> persist file "/etc/nasty"
...
# start of filtering rules
block log all
block drop in quick from <nasty> to any
...
pass in proto tcp to <pubaddr> port ssh flags S/SA queue qext \
    keep state (max-src-conn-rate 5/60, overload <nasty> flush global)
...
```

Seems to work OK, as the <nasty> table on both machines grows as expected. The difference is the output of `pfctl -vvs rules`.

sparc64:

```
@1 block drop in quick from <nasty:68> to any
  [ Evaluations: 868915  Packets: 88  Bytes: 4440  States: 0  ]
```

blocked 88 packets... seems about right.

amd64:

```
@1 block drop in quick from <nasty:35> to any
  [ Evaluations: 38289  Packets: 0  Bytes: 0  States: 0  ]
```

The statistics say that rule never blocked a packet, yet in the last 24 hours 4 addresses were added to the <nasty> table. I don't think I've ever seen a non-zero number of packets for this rule. Perhaps there is something funky with amd64 pf statistics gathering and/or reporting? The sshd log output makes me suspect that packets are indeed being blocked.

// marc
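The mismatch the post describes (an overload table that keeps growing while the rule that references it reports zero packets) is easy to spot mechanically. The following is an added example, not the poster's code: a POSIX sh/awk filter for `pfctl -vvs rules` output that pairs each `<table:count>` rule line with its `[ Evaluations: ... Packets: ... ]` counter line and flags rules whose table is populated but whose packet counter is still 0. It assumes the output format exactly as quoted in the post; the two sample records are constructed to mirror the sparc64 and amd64 outputs above.

```shell
#!/bin/sh
# Constructed samples mimicking the two `pfctl -vvs rules` records quoted
# in the post (not captured from a real host).
SAMPLE_SPARC64='@1 block drop in quick from <nasty:68> to any
  [ Evaluations: 868915  Packets: 88  Bytes: 4440  States: 0  ]'
SAMPLE_AMD64='@1 block drop in quick from <nasty:35> to any
  [ Evaluations: 38289  Packets: 0  Bytes: 0  States: 0  ]'

# Read pfctl -vvs rules output on stdin; for every rule that references a
# table, print "<rule#> <table> <entries> <packets>" on one line.
table_rule_stats() {
    awk '
        /^@[0-9]+ / {
            rule = substr($1, 2)          # "@1" -> "1"
            table = ""; entries = ""
            # "<nasty:35>" carries the table name and its current entry count
            if (match($0, /<[^:>]+:[0-9]+>/)) {
                ref = substr($0, RSTART + 1, RLENGTH - 2)
                split(ref, parts, ":")
                table = parts[1]; entries = parts[2]
            }
            next
        }
        # The counter line that follows the rule line
        /^[ \t]*\[ Evaluations:/ && table != "" {
            for (i = 1; i <= NF; i++) if ($i == "Packets:") packets = $(i + 1)
            print rule, table, entries, packets
            table = ""
        }
    '
}

# Report rules whose table holds entries but which have never matched a
# packet (the amd64 symptom in the post). Prints nothing when all is well.
suspicious_table_rules() {
    table_rule_stats | awk '$3 > 0 && $4 == 0 {
        print "rule @" $1 ": <" $2 "> has " $3 " entries but 0 packets"
    }'
}

# Stand-alone demo: run the check over the constructed amd64 sample.
printf '%s\n' "$SAMPLE_AMD64" | suspicious_table_rules
```

On a live host, replace the sample with `pfctl -vvs rules | suspicious_table_rules`; a hit means the table is being fed (by the overload rule) while the block rule's counters claim it has done nothing, which is the point to compare against the pflog/sshd evidence.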