Date:      Mon, 27 Jan 2014 22:22:30 -0500
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Re: PF in FreeBSD 10.0 Blocking Some SSH
Message-ID:  <CA%2BQLa9D%2B=pf%2B38JBqQpX%2Bw93otVULKhh6y-s9XAq%2BAfFFFQHhA@mail.gmail.com>
In-Reply-To: <20140127192048.GS66160@FreeBSD.org>
References:  <CA%2BQLa9D97WytnE2Yiy6VFXDrhcgLcpPGf2zB16urjf2Ms%2BrzFg@mail.gmail.com> <20140127192048.GS66160@FreeBSD.org>

On Mon, Jan 27, 2014 at 2:20 PM, Gleb Smirnoff <glebius@freebsd.org> wrote:
>   Robert,
>
> On Sun, Jan 26, 2014 at 06:19:34PM -0500, Robert Simmons wrote:
> R> Over the course of a few hours there are a handful of SSH packets that
> R> are being blocked both in and out. This does not seem to affect the
> R> SSH session, and all the blocked packets have certain flags set [FP.],
> R> [R.], [P.], [.], [F.]. The following is my ruleset abbreviated to the
> R> rules that apply to this problem:
> R>
> R> ext_if = "en0"
> R> allowed = "{ 192.168.1.10 }"
> R> std_tcp_in = "{ ssh }"
> R> block in log
> R> block out log (user)
> R> pass in quick on $ext_if proto tcp from $allowed to ($ext_if) port $std_tcp_in keep state
> R>
> R> Why are those packets being blocked?
>
> Do I understand you correctly that the ssh sessions work well, but you
> see blocked packets in the pflog?

Yes, this is correct. I have not seen this in the logs since
yesterday, so it may have been a network issue.