Netgate Discussion Forum

    Upgraded to 2.1.5, pfctl says 0 states but it's working

Category: Firewalling (3 Posts, 1 Poster, 791 Views)
Derelict (LAYER 8 Netgate):

I don't know if it's related to the upgrade, but since upgrading a 4GB nano from 2.1.4 to 2.1.5 pfctl/pftop are showing no states, no queues, etc:

```
pfctl -s all
FILTER RULES:
No queue in use

INFO:
Status: Enabled for 0 days 04:20:57           Debug: Urgent

State Table                          Total             Rate
  current entries                        0               
  searches                          195429           12.5/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                             195429           12.5/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  divert                                 0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start                0 states
adaptive.end                  0 states
src.track                     0s

LIMITS:
states        hard limit    23000
src-nodes     hard limit    23000
frags         hard limit     5000
tables        hard limit     3000
table-entries hard limit   200000

OS FINGERPRINTS:
710 fingerprints loaded
```


Seems to be running normally, but really weird. I have rebooted a couple times. There has to be at least one state, since I'm ssh'd in, openvpn tunnel is up, etc. Any thoughts?

![Screen Shot 2014-08-30 at 9.05.10 PM.png](/public/imported_attachments/1/Screen Shot 2014-08-30 at 9.05.10 PM.png)

Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM)

Derelict (LAYER 8 Netgate):

Umm. This is bad.

I have ssh and webconfigurator source ip restricted on WAN to a couple admin sites. It's allowing ssh to the WAN from anywhere despite source IP restrictions.

Derelict (LAYER 8 Netgate):

This was apparently me not explicitly setting a bandwidth for shaping on a pppoe interface. It was like the rules didn't load. I cleared the shaper and it seems to have gone back to normal.

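A health check that would have caught the condition described in this thread (pf reporting "Enabled" with an empty state table while the searches counter keeps climbing, and a ruleset that never loaded), written as an added example that is not code from the thread or from pfSense. It reads `pfctl -si` and `pfctl -sr` output on stdin; the two sample outputs embedded in it are constructed to mirror the first post.

```shell
#!/bin/sh
# Added health check, not code from the thread: flag a pf that reports
# "Enabled" yet has zero states while packets are still being searched,
# the symptom Derelict hit when the shaper kept the ruleset from loading.
# On a live pfSense/FreeBSD box: pfctl -si | pf_verdict ; pfctl -sr | count_rules

# Exit 0 = healthy, 1 = enabled but empty state table (ruleset likely
# never loaded), 2 = pf disabled. Reads `pfctl -si` output on stdin.
check_pf_state() {
    awk '
        /^Status:/           { enabled  = ($2 == "Enabled") }
        /^ *current entries/ { entries  = $3 }
        /^ *searches/        { searches = $2 }
        END {
            if (!enabled)                     exit 2
            if (entries == 0 && searches > 0) exit 1
            exit 0
        }'
}

# Human-readable wrapper around check_pf_state; always exits 0.
pf_verdict() {
    rc=0
    check_pf_state || rc=$?
    case $rc in
        0) echo OK ;;
        1) echo RULES_NOT_LOADED ;;
        *) echo PF_DISABLED ;;
    esac
}

# Count loaded filter rules from `pfctl -sr`; 0 means nothing is enforced.
count_rules() {
    grep -Ec '^[[:space:]]*(pass|block|match|anchor)' || true
}

# Constructed sample mirroring the broken output in the first post.
SAMPLE_BROKEN='Status: Enabled for 0 days 04:20:57           Debug: Urgent
State Table                          Total             Rate
  current entries                        0
  searches                          195429           12.5/s'

# Constructed sample of a healthy box for comparison.
SAMPLE_HEALTHY='Status: Enabled for 3 days 01:12:09           Debug: Urgent
State Table                          Total             Rate
  current entries                      142
  searches                         8812392           81.4/s'

printf '%s\n' "$SAMPLE_BROKEN"  | pf_verdict   # RULES_NOT_LOADED
printf '%s\n' "$SAMPLE_HEALTHY" | pf_verdict   # OK
```

Run from cron and alert on anything other than OK; a non-zero rule count from `count_rules` alongside RULES_NOT_LOADED still deserves a look, since the thread shows the box can pass traffic while enforcing nothing.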
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.