IP Filter problems on 4.11-STABLE

B H bernt at bah.homeip.net
Wed Mar 29 09:07:22 UTC 2006


Hello!


I've upgraded a machine about a week ago from 4.10-p19, I believe it was.

Now IPFilter does not work or is VERY slow; ssh, web and mail time out.

NAT is working like it should.

# dmesg | grep 'IP Filter'
IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled

ipf.rules looks like this:

# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on fxp0 proto tcp all keep state
pass out quick on fxp0 proto udp all keep state
pass out quick on fxp0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in log quick on fxp0 from 82.182.0.0/16 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
block in log quick on fxp0 from any to 10.0.0.0/32
block in log quick on fxp0 from any to 10.0.0.255/32
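
An added example, not part of the original post: a small evaluator for the inbound `block in quick` rules above, for checking which rule a given source or destination address hits. It assumes ipf's rule semantics (last match wins unless the rule is `quick`), takes the default of pass from the dmesg line, does not model the state table, and uses constructed sample addresses.

```python
import ipaddress

# Inbound rules copied from the ipf.rules in the post above.
RULES = """\
block in log quick on fxp0 from 82.182.0.0/16 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
block in log quick on fxp0 from any to 10.0.0.0/32
block in log quick on fxp0 from any to 10.0.0.255/32
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Parse only the form used above: <action> in [log] [quick] on <if> from <net> to <net>."""
    tok = line.split()
    net = lambda s: ANY if s == "any" else ipaddress.ip_network(s, strict=False)
    return {
        "action": tok[0],
        "quick": "quick" in tok,
        "iface": tok[tok.index("on") + 1],
        "src": net(tok[tok.index("from") + 1]),
        "dst": net(tok[tok.index("to") + 1]),
        "text": line,
    }

def evaluate_inbound(rules, iface, src, dst, default="pass"):
    """Return (action, matching rule text) for a new inbound packet; state hits are not modelled."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = (default, None)  # "Default = pass all" per the dmesg line
    for r in rules:
        if r["iface"] == iface and src in r["src"] and dst in r["dst"]:
            verdict = (r["action"], r["text"])  # last match wins ...
            if r["quick"]:
                break  # ... unless the rule is 'quick'
    return verdict

rules = [parse_rule(l) for l in RULES.splitlines() if l.strip()]

if __name__ == "__main__":
    # Constructed sample packets (source, destination) arriving on fxp0.
    for s, d in [("82.182.10.20", "203.0.113.5"), ("198.51.100.7", "203.0.113.5"),
                 ("198.51.100.7", "10.0.0.255")]:
        print(s, "->", d, evaluate_inbound(rules, "fxp0", s, d))
```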



More information about the freebsd-questions mailing list