Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 23 Mar 2002 08:40:37 -0800
From:      "Tony Saign" <tony@saign.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   Problems after cvsup to 4.5 -stable 3/21 with ipfw
Message-ID:  <000001c1d289$7641c9a0$1401a8c0@frankenmobl>
next in thread | raw e-mail | index | archive | help 
 After a recent cvsup to 4.5 -stable, I noticed my server to be EXTREMLY
sluggish with ipfw enabled.
Web pages hanging indefinately, mail download HORRIBLY slow!

Turning ipfw off by add 0110 allow tcp from any to any via fxp0, things
return to normal.

I made no changes to my ruleset listed below. Can anyone offer any
insight/help? (PLEASE!)

Thanks,
-Tony

00100   50    2516 allow ip from any to any via lo0
00110 3235 1131435 allow tcp from any to any via fxp0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
00400    0       0 deny ip from 168.120.0.0/16 to any
00500    0       0 deny tcp from 168.120.0.0/16 to any
00600    0       0 deny udp from 168.120.0.0/16 to any
00700    0       0 allow tcp from any to 216.40.33.39 55000
00800 6413 4145842 allow tcp from any to any out established
00900  120    5801 allow tcp from any to any keep-state out setup
01000 4591  321384 allow tcp from any to any established
01100    0       0 allow tcp from 216.120.17.24 to any 21 setup
01200    0       0 allow tcp from 216.188.41.2 to any 21 setup
01300    7     336 allow tcp from any to any 22 setup
01400    4     240 allow tcp from any to any 25 setup
01500    4     192 allow tcp from any to any 110 setup
01600   21    1008 allow tcp from any to any 80 setup
01700    0       0 allow tcp from any to any 443 setup
01900    0       0 allow udp from any 53 to any 53 in recv fxp0
02000    0       0 allow udp from any 53 to any 53 out xmit fxp0
02100  163   10540 allow udp from any 1024-65534 to any 53
02200  163   35814 allow udp from any 53 to any 1024-65534
02300    0       0 allow tcp from any 1024-65534 to any 53
02400    0       0 allow tcp from any 53 to any 1024-65534
02500    0       0 allow icmp from any to any icmptype 3
02600    0       0 allow icmp from any to any icmptype 4
02700   12    1008 allow icmp from any to any out icmptype 8
02800   12    1008 allow icmp from any to any in icmptype 0
02900    0       0 allow icmp from any to any in icmptype 11
03000   61    4416 deny log logamount 1000 ip from any to any
65535    0       0 deny ip from any to any


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000001c1d289$7641c9a0$1401a8c0>