Date:      Thu, 31 Jan 2019 22:00:23 +0100
From:      "Kristof Provost" <kristof@sigsegv.be>
To:        ASV <asv@inhio.net>
Cc:        "questions list" <freebsd-questions@freebsd.org>
Subject:   Re: PF issue since 11.2-RELEASE
Message-ID:  <2677833F-B2C4-4CCD-B82F-4F3F84B7FFF8@sigsegv.be>
In-Reply-To: <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>
References:  <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net> <F26DA908-F2AC-4CBF-8227-A4C3D21865EE@FreeBSD.org> <e336fd332455cc9fe9f722482aae09ed6eeab610.camel@inhio.net> <51F0845A-2BB3-4BC9-977D-BB0E6C305ED3@FreeBSD.org> <a801e46a5c4ca3aaa8bc4d6b270319840908ad44.camel@inhio.net> <20190129193609.GB57976@vega.codepro.be> <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net>

On 31 Jan 2019, at 12:11, ASV wrote:
> Good afternoon,
> one piece of good news and one piece of bad news.
>
> Good news is that it was that bloody zero missing which was "freaking
> out" PF during the reload. How could I have missed that? Perhaps erroneously
> removed during the upgrade somehow, or it was there but not causing
> problems?! I'll never know. But it's fixed, so thank you very much for
> the good catch!
>
> The bad news is that PF is still not enforcing the rules within the
> anchors. So fail2ban keeps populating the tables where the previously
> mentioned rules are in place (reposted below), but these IPs keep
> bombing me with connection attempts, passing the firewall with no
> problems at all. Killing the states, reloading, restarting (PF and
> fail2ban) doesn't fix that.
>
> # pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -s rules
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip
> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip-tls
>
> # pfctl -a f2b/asterisk-tcp -t f2b-asterisk-tcp -s rules
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip
> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip-tls
>
I don't use anchors myself, but don't you need to call them from your main ruleset?

Regards,
Kristof
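
The point Kristof raises, as an added illustration that is not part of the thread: rules loaded into a named anchor with `pfctl -a f2b/asterisk-udp -f ...` sit in the kernel but are only evaluated at the position where the main ruleset references that anchor, so a ruleset with no `anchor` line silently never consults them. Below is a minimal pf.conf fragment that does reference them. The interface name `em0` is an assumption; the anchor and table names are the ones shown in the quoted `pfctl` output above (fail2ban's pf action loads its block rules into per-jail anchors under `f2b/`).

```pf
# Added example pf.conf fragment, not taken from the thread.
# ASSUMPTION: em0 is the external interface; replace with your own.
ext_if = "em0"

# Default-deny inbound on the external interface.
block in log on $ext_if all

# Evaluate every anchor under f2b/ at this point in the ruleset.
# fail2ban loads its rules into f2b/asterisk-udp and f2b/asterisk-tcp;
# without this line those rules are loaded but never matched, and the
# 'pass' below lets the banned addresses through.
anchor "f2b/*"

# Normal service traffic. Because the rules inside the anchors are
# 'block drop quick', a banned source never reaches this rule.
pass in quick on $ext_if proto { tcp, udp } \
    from any to ($ext_if) port { sip, sip-tls } \
    keep state
```

Two checks after `pfctl -f /etc/pf.conf`: `pfctl -sr` should list an `anchor "f2b/*" all` line in the main ruleset, and `pfctl -a f2b/asterisk-udp -sr` should still show the two block rules. The second check alone is not sufficient; it passes whether or not the anchor is referenced, which is exactly the situation the original poster describes.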
