Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Jan 2019 12:22:37 +0100
From:      Kristof Provost <kristof@sigsegv.be>
To:        ASV <asv@inhio.net>
Cc:        questions list <freebsd-questions@freebsd.org>
Subject:   Re: PF issue since 11.2-RELEASE
Message-ID:  <20190131112237.GC57976@vega.codepro.be>
In-Reply-To: <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>
References:  <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net> <F26DA908-F2AC-4CBF-8227-A4C3D21865EE@FreeBSD.org> <e336fd332455cc9fe9f722482aae09ed6eeab610.camel@inhio.net> <51F0845A-2BB3-4BC9-977D-BB0E6C305ED3@FreeBSD.org> <a801e46a5c4ca3aaa8bc4d6b270319840908ad44.camel@inhio.net> <20190129193609.GB57976@vega.codepro.be> <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2019-01-31 12:11:15 (+0100), ASV <asv@inhio.net> wrote:
> Good afternoon,
> one good news and one bad news.
> 
> Good news is that it was that bloody zero missing which was "freaking
> out" PF during the reload. How could I missed that? Perhaps erroneously
> removed during the upgrade somehow or it was there but not causing
> problems?! I'll never know. But it's fixed so thank you very much for
> the good catch!
> 
> The bad news is that PF is still not enforcing the rules within the
> anchors. So fail2ban keeps populating the tables where the previously
> mentioned rules are in place (reposted below) but these IPs keeps
> bombing me with connection attempts passing the firewall with no
> problems at all. Killing the states, reloading, restarting (PF and
> fail2ban) doesn't fix that.
> 
> # pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -s rules
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip-tls
> 
> # pfctl -a f2b/asterisk-tcp -t f2b-asterisk-tcp -s rules
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip-tls
> 
> Is it a known bug?
> 
> 
What does pflog show?

Regards,
Kristof

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190131112237.GC57976>