On 2/04/2020 6:35 AM, D'Arcy Cain wrote:
On 2020-04-01 16:28, Mark Boyce wrote:
On 1 Apr 2020, at 22:14, Greg Troxel wrote:
I think you need to use tcpdump and turn up firewall debugging.
sngrep is your friend … My bet is UDP vs TCP on firewall rules :-)
block drop in log quick on bge0 from <AUTOBLOCK> to any
block drop out log quick on bge0 from any to <AUTOBLOCK>
Am I misunderstanding pf? I thought that that would block TCP, UDP,
ICMP and anything else trying to get through.
Since I started looking at this closer I did find that only some
connections have this problem. Most get blocked as soon as the IP is
passed to the AUTOBLOCK table.
I suspect you have a good understanding of pf.
Have you included in your script running 'pfctl -k <ip_address>' to kill
any states that may exist after you update your <AUTOBLOCK> table?
In pf, like IP Filter, the last matching rule wins.
What can't be determined from the information provided is whether any
connections that have been established from networks you have listed in
the table <FRIENDS>, also appear in the <AUTOBLOCK> table.
Removing the 'quick' parameter from the rule for <FRIENDS> will allow
packets to fall through to the next rules. Alternatively, moving the
'pass' rule to below your 'block' rules will mean that any connections
originating from networks listed in your <FRIENDS> table that also exist
in the <AUTOBLOCK> table will be blocked.
Larry.
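A pf.conf fragment putting Larry's second suggestion into practice, with the problematic ordering shown in comments beside the corrected one, followed by the state-killing step he asks about. This is an added example, not configuration from anyone in the thread; the interface name bge0 comes from the quoted rules, and the addresses are constructed.

```pf
# Assumption: bge0 is the external interface (taken from the quoted rules);
# the addresses below are constructed for illustration only.
ext_if = "bge0"
table <FRIENDS> persist { 192.0.2.0/24, 203.0.113.10 }
table <AUTOBLOCK> persist   # populated at runtime by the blocking script

# Problematic ordering: 'quick' on the pass rule stops evaluation, so a
# <FRIENDS> host that has also landed in <AUTOBLOCK> is never blocked.
#   pass in quick on $ext_if from <FRIENDS> to any keep state
#   block drop in log quick on $ext_if from <AUTOBLOCK> to any

# Corrected ordering: the quick block rules come first, so a match in
# <AUTOBLOCK> terminates evaluation before the pass rule is considered.
# (Without 'quick', pf's last-matching-rule-wins would apply instead.)
block drop in  log quick on $ext_if from <AUTOBLOCK> to any
block drop out log quick on $ext_if from any to <AUTOBLOCK>
pass in on $ext_if from <FRIENDS> to any keep state

# The ruleset is only consulted for packets that create a new state.
# After adding an address to the table, kill the states it already holds,
# otherwise its established sessions keep flowing:
#   pfctl -t AUTOBLOCK -T add 198.51.100.7
#   pfctl -k 198.51.100.7                 # states originating from that host
#   pfctl -k 0.0.0.0/0 -k 198.51.100.7    # states from anywhere to that host
```

Verify the effect with 'pfctl -sr' (rule order as loaded) and 'pfctl -ss | grep 198.51.100.7' (no remaining states after the kill).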
asterisk-users mailing list