#4, 21st October 2011
jggimi

Quote:
Why does 'overload table' work only when I remove the ssh port from udp_services?..
Your filter rule has two protocols in a list. This is expanded into separate rules by PF, which you can see with # pfctl -sr if you are interested.

I am guessing that having the two protocols, because they are expanded, is the root cause -- it interferes with correct stateful processing.

SSH does not use UDP, so you can eliminate the problem by removing UDP from the rule.
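An added example, not part of the original post or the asker's ruleset: a constructed pf.conf fragment showing a rule with a two-protocol list beside the TCP-only form the answer recommends. The `egress` interface group, the `<bruteforce>` table name and the rate limit are assumed values.

```conf
# Constructed pf.conf fragment; egress, <bruteforce> and 5/30 are assumed values.
table <bruteforce> persist
block in quick from <bruteforce>

# Before: a protocol list on the rule that carries the overload option.
# pass in on egress proto { tcp, udp } to port ssh \
#     keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)
#
# PF expands the list, so the loaded ruleset holds one rule per protocol,
# equivalent to writing both of these by hand:
# pass in on egress proto tcp to port ssh keep state (...)
# pass in on egress proto udp to port ssh keep state (...)
#
# pf.conf(5) documents max-src-conn and max-src-conn-rate as limits on
# TCP connections that have completed the 3-way handshake.

# After: SSH is TCP only, so the rule names a single protocol.
pass in on egress proto tcp to port ssh \
    keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Running `pfctl -nvf` on the file parses it and prints the expanded rules without loading them, which shows the per-protocol expansion before the ruleset goes live.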