Greetings,
I seem to be having a few problems with my new ipfw stateful firewall bridge ruleset. 
If I understand this correctly, a client should make a request to port 80, get issued 
a SYN flag, and the session is allowed further communication via the first rule 22100 
'check-state.'  When I view the site from an outside location, everything seems to be 
running fine, but when I check the log file, it appears that the 'deny all' rule is 
being hit quite a bit more often than I expected. Syslog shows me 

Jan 19 17:09:25 postfix /kernel: ipfw: 22500 Deny TCP 207.124.361.215:2345 10.10.10.10:80 in via sis0
Jan 19 17:09:26 postfix /kernel: ipfw: 22500 Deny TCP 154.951.221.81:4376 10.10.10.10:80 in via sis0
Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 158.113.207.162:55639 10.10.10.10:80 in via sis0
Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 127.113.227.62:55639 10.10.10.10:80 in via sis0
Jan 19 17:09:33 postfix /kernel: ipfw: 22550 Deny TCP 10.10.10.10:1801 142.261.148.67:80 in via fxp2

I'm getting these messages literally every couple seconds. I would expect this 
behaviour when the filter is first activated (dropping old connections that do not 
have the flag set) but not after several hours. I'm seeing similar happenings to my 
mail servers, so I believe it is a problem with my ruleset, and not something machine 
specific. I have included the relative document pieces below.  Can anyone spot my 
silly mistake and care to inform me of the problem?

Thanks,
~John

...
Some generic rules
..
add 6700 skipto 22100 all from 10.10.10.10 to any
add 6750 skipto 22100 all from any to 10.10.10.10
...
#ruleset for machine
add 22100 check-state
#allow in terminal services 
add 22200 allow tcp from any to 10.10.10.10 3389 in setup keep-state
#allow out terminal services
add 22250 allow tcp from 10.10.10.10 to any 3389 out setup keep-state
#allow AIM
add 22275 allow tcp from 10.10.10.10 to any 5190 setup keep-state 
add 22276 allow tcp from any 5190 to 10.10.10.10 setup keep-state 
#Allow in Web 
add 22300 allow tcp from any to 10.10.10.10 80 setup keep-state
#Allow out web
add 22350 allow tcp from 10.10.10.10 to any 80 setup keep-state 
add 22400 allow udp from 10.10.10.10 to any 53 keep-state 
#Now block everything else
add 22500 deny log logamount 200 ip from any to 10.10.10.10 
add 22550 deny log logamount 200 ip from 10.10.10.10 to any 
add 23000 skipto 60000 all from any to any 
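An added triage helper (not part of the post or of ipfw) for log lines in the format shown above: it groups the denies by rule, protocol and destination port and lists 5-tuples that were logged more than once, which is the pattern to expect when non-SYN segments of an established flow hit the catch-all deny because a `setup keep-state` rule only accepts the SYN. The sample lines are constructed with documentation addresses; only the line layout matches the post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the post's syslog lines (addresses are
# documentation ranges, not the original poster's).
SAMPLE_LOG = """\
Jan 19 17:09:25 postfix /kernel: ipfw: 22500 Deny TCP 203.0.113.5:2345 10.10.10.10:80 in via sis0
Jan 19 17:09:26 postfix /kernel: ipfw: 22500 Deny TCP 198.51.100.7:4376 10.10.10.10:80 in via sis0
Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 203.0.113.5:2345 10.10.10.10:80 in via sis0
Jan 19 17:09:33 postfix /kernel: ipfw: 22550 Deny TCP 10.10.10.10:1801 192.0.2.9:80 in via fxp2
Jan 19 17:09:40 postfix /kernel: ipfw: 22500 Deny UDP 198.51.100.7:53 10.10.10.10:1025 in via sis0
"""

# Fields of one ipfw log record: rule number, action, protocol, endpoints, direction, interface.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def parse_line(line):
    """Return the fields of one ipfw log line as a dict, or None for non-ipfw lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def summarize(log_text):
    """Count denies per (rule, proto, dst port) and return flows logged more than once.

    A repeated 5-tuple under a deny rule usually means an established connection
    that no longer has (or never had) a dynamic entry: its retransmitted non-SYN
    segments cannot match a 'setup' rule and fall through to the final deny.
    """
    by_service = Counter()
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        by_service[(rec["rule"], rec["proto"], rec["dport"])] += 1
        flows[(rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])] += 1
    repeats = sorted(f for f, n in flows.items() if n > 1)
    return by_service, repeats


if __name__ == "__main__":
    services, repeats = summarize(SAMPLE_LOG)
    for (rule, proto, dport), n in services.most_common():
        print("rule %s %s/%s: %d denies" % (rule, proto, dport, n))
    for flow in repeats:
        print("repeated flow:", flow)
```

Run it against `/var/log/messages` output instead of the sample to see which services and which flows are producing the denies before changing any rule.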


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message