From owner-freebsd-questions@FreeBSD.ORG Wed Mar 29 09:07:21 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1C7916A400 for ; Wed, 29 Mar 2006 09:07:21 +0000 (UTC) (envelope-from bernt@bah.homeip.net) Received: from amsfep19-int.chello.nl (amsfep17-int.chello.nl [213.46.243.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id C299943D8B for ; Wed, 29 Mar 2006 09:07:19 +0000 (GMT) (envelope-from bernt@bah.homeip.net) Received: from [213.200.137.21] by amsfep19-int.chello.nl (InterMail vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP id <20060329090716.RKLQ17536.amsfep19-int.chello.nl@[213.200.137.21]> for ; Wed, 29 Mar 2006 11:07:16 +0200 Message-ID: <442A4E14.6090204@bah.homeip.net> Date: Wed, 29 Mar 2006 11:06:28 +0200 From: B H User-Agent: Mozilla/5.0 (X11; U; FreeBSD-4.10-RELEASE; sv-SE) X-Accept-Language: sv, en-us, en MIME-Version: 1.0 To: "freebsd-questions@FreeBSD. ORG" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: IP Filter problems on 4.11-STABLE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Mar 2006 09:07:22 -0000 Hello! I've upgrade a machine about a week ago from 4.10-p19 i belive it was. Now IPFilter does not work or is VERY slow, ssh, web and mail timesout. NAT is working like it should. # dmesg | grep 'IP Filter' IP Filter: v3.4.35 initialized. Default = pass all, Logging = enabled ipf.rules looks like this: # Let clients behind the firewall send out to the internet, and replies to # come back in by keeping state. pass out quick on fxp0 proto tcp all keep state pass out quick on fxp0 proto udp all keep state pass out quick on fxp0 proto icmp all keep state # Since nothing should be coming from these address ranges, block them block in log quick on fxp0 from 82.182.0.0/16 to any block in quick on fxp0 from 192.168.0.0/16 to any block in quick on fxp0 from 172.16.0.0/12 to any block in quick on fxp0 from 10.0.0.0/8 to any block in quick on fxp0 from 127.0.0.0/8 to any block in quick on fxp0 from 192.0.2.0/24 to any block in log quick on fxp0 from any to 10.0.0.0/32 block in log quick on fxp0 from any to 10.0.0.255/32