List: freebsd-pf
Subject: how to turn off pfsync globally
From: Michael Weiser <michael () weiser ! dinsnail ! net>
Date: 2005-07-10 16:51:22
Message-ID: 20050710165122.GA70950 () weiser ! dinsnail ! net

Hello,

I'm having trouble silencing pfsync. It insists on broadcasting packets
like this

  rule 38/0(match): block out on xl1: 10.10.1.2 > 0.0.0.0: pfsync 228

to the external network interface for every state change. Up until now I
circumvented that by adding the no-sync option to every rule. But since
I installed pftpx I get those broadcasts again, seemingly because
pftpx's dynamic rules don't have the no-sync option. Now I did another
hack and just said

  ifconfig pfsync0 syncdev lo0

But this certainly isn't the right way to do it[tm].

Confusingly the pf documentation on www.openbsd.org says:

> By default, pfsync(4) does not send or receive state table updates on
> the network; however, updates can still be monitored using tcpdump(8) or
> other such tools on the local machine.

Why am I getting them on my external interface then?

How do I globally switch off pfsync if I don't need it?

Thanks in advance.
--
bye, Micha