From owner-freebsd-ipfw Sat Mar 23 8:41:14 2002
From: "Tony Saign"
Subject: Problems after cvsup to 4.5 -stable 3/21 with ipfw
Date: Sat, 23 Mar 2002 08:40:37 -0800
Message-ID: <000001c1d289$7641c9a0$1401a8c0@frankenmobl>

After a recent cvsup to 4.5 -stable, I noticed my server to be EXTREMELY sluggish with ipfw enabled. Web pages hanging indefinitely, mail download HORRIBLY slow! Turning ipfw off by add 0110 allow tcp from any to any via fxp0, things return to normal. I made no changes to my ruleset listed below. Can anyone offer any insight/help? (PLEASE!)

Thanks,
-Tony

00100 50 2516 allow ip from any to any via lo0
00110 3235 1131435 allow tcp from any to any via fxp0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 168.120.0.0/16 to any
00500 0 0 deny tcp from 168.120.0.0/16 to any
00600 0 0 deny udp from 168.120.0.0/16 to any
00700 0 0 allow tcp from any to 216.40.33.39 55000
00800 6413 4145842 allow tcp from any to any out established
00900 120 5801 allow tcp from any to any keep-state out setup
01000 4591 321384 allow tcp from any to any established
01100 0 0 allow tcp from 216.120.17.24 to any 21 setup
01200 0 0 allow tcp from 216.188.41.2 to any 21 setup
01300 7 336 allow tcp from any to any 22 setup
01400 4 240 allow tcp from any to any 25 setup
01500 4 192 allow tcp from any to any 110 setup
01600 21 1008 allow tcp from any to any 80 setup
01700 0 0 allow tcp from any to any 443 setup
01900 0 0 allow udp from any 53 to any 53 in recv fxp0
02000 0 0 allow udp from any 53 to any 53 out xmit fxp0
02100 163 10540 allow udp from any 1024-65534 to any 53
02200 163 35814 allow udp from any 53 to any 1024-65534
02300 0 0 allow tcp from any 1024-65534 to any 53
02400 0 0 allow tcp from any 53 to any 1024-65534
02500 0 0 allow icmp from any to any icmptype 3
02600 0 0 allow icmp from any to any icmptype 4
02700 12 1008 allow icmp from any to any out icmptype 8
02800 12 1008 allow icmp from any to any in icmptype 0
02900 0 0 allow icmp from any to any in icmptype 11
03000 61 4416 deny log logamount 1000 ip from any to any
65535 0 0 deny ip from any to any