Date: Thu, 31 Jan 2019 12:22:37 +0100
From: Kristof Provost <kristof@sigsegv.be>
To: ASV <asv@inhio.net>
Cc: questions list <freebsd-questions@freebsd.org>
Subject: Re: PF issue since 11.2-RELEASE
Message-ID: <20190131112237.GC57976@vega.codepro.be>
In-Reply-To: <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>
References: <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net>
 <F26DA908-F2AC-4CBF-8227-A4C3D21865EE@FreeBSD.org>
 <e336fd332455cc9fe9f722482aae09ed6eeab610.camel@inhio.net>
 <51F0845A-2BB3-4BC9-977D-BB0E6C305ED3@FreeBSD.org>
 <a801e46a5c4ca3aaa8bc4d6b270319840908ad44.camel@inhio.net>
 <20190129193609.GB57976@vega.codepro.be>
 <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>

On 2019-01-31 12:11:15 (+0100), ASV <asv@inhio.net> wrote:
> Good afternoon,
> one good news and one bad news.
>
> Good news is that it was that bloody zero missing which was "freaking
> out" PF during the reload. How could I have missed that? Perhaps erroneously
> removed during the upgrade somehow or it was there but not causing
> problems?! I'll never know. But it's fixed so thank you very much for
> the good catch!
>
> The bad news is that PF is still not enforcing the rules within the
> anchors. So fail2ban keeps populating the tables where the previously
> mentioned rules are in place (reposted below) but these IPs keep
> bombing me with connection attempts passing the firewall with no
> problems at all. Killing the states, reloading, restarting (PF and
> fail2ban) doesn't fix that.
>
> # pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -s rules
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip-tls
>
> # pfctl -a f2b/asterisk-tcp -t f2b-asterisk-tcp -s rules
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip-tls
>
> Is it a known bug?
>

What does pflog show?

Regards,
Kristof