PF issue since 11.2-RELEASE
kristof at sigsegv.be
Thu Jan 31 11:22:44 UTC 2019
On 2019-01-31 12:11:15 (+0100), ASV <asv at inhio.net> wrote:
> Good afternoon,
> one good news and one bad news.
> Good news is that it was that bloody zero missing which was "freaking
> out" PF during the reload. How could I missed that? Perhaps erroneously
> removed during the upgrade somehow or it was there but not causing
> problems?! I'll never know. But it's fixed so thank you very much for
> the good catch!
> The bad news is that PF is still not enforcing the rules within the
> anchors. So fail2ban keeps populating the tables where the previously
> mentioned rules are in place (reposted below) but these IPs keeps
> bombing me with connection attempts passing the firewall with no
> problems at all. Killing the states, reloading, restarting (PF and
> fail2ban) doesn't fix that.
> # pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -s rules
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip-tls
> # pfctl -a f2b/asterisk-tcp -t f2b-asterisk-tcp -s rules
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip-tls
> Is it a known bug?
What does pflog show?
More information about the freebsd-questions