Date:      Mon, 08 Sep 2008 17:45:44 +0200
From:      Jille <jille@quis.cx>
To:        Dmitry Rybin <kirgudu@kirgudu.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: FreeBSD 7.1-PRERELEASE Trouble
Message-ID:  <48C548A8.9030204@quis.cx>
In-Reply-To: <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com>
References:  <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com>

Hello,

Dmitry Rybin wrote:
> PF doesn't block some IP!!!!
> 
> === pf.conf ===
> 
> ext_if="bge0"
> table <dnsflood> { 78.107.71.38 89.179.195.34 }
Afaik you need to separate them with a comma (,)

-- Jille
> 
> block quick from <dnsflood>
> pass out
> pass in
> === pf.conf ===
> 
> # pfctl -e -f /etc/pf.conf
> 
> # tcpdump -netxi bge0 host 89.179.195.34
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 69:
> 89.179.195.34.2357 > 195.14.50.21.53: 35869+ A? emils.com. (27)
> 00:1c:c4:81:2f:9e > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 84:
> 195.14.50.21.53 > 89.179.195.34.2357: 48025 ServFail 0/0/1 (42)
> 00:1c:c4:81:2f:9e > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 73:
> 195.14.50.21.53 > 89.179.195.34.2357: 22012 ServFail 0/0/0 (31)
> 00:1c:c4:81:2f:9e > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 69:
> 195.14.50.21.53 > 89.179.195.34.2357: 35869 ServFail 0/0/0 (27)
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 73:
> 89.179.195.34.2357 > 195.14.50.21.53: 48025+ A? www.emils.com. (31)
> 00:1c:c4:81:2f:9e > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 73:
> 195.14.50.21.53 > 89.179.195.34.2357: 48025 ServFail 0/0/0 (31)
> 
> tcpdump -netxi bge0 host 78.107.71.38
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 94:
> 78.107.71.38.37367 > 195.14.50.21.53: 38168+ A? nc-71-51-232-31.dhcp.embarqhsd.net. (52)
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 89:
> 78.107.71.38.37368 > 195.14.50.21.53: 50276+ A? 166.156.122.89.bl.spamcop.net. (47)
> 
> Add to pf.conf
> block quick from 89.179.195.34 - same, doesn't work.
> 
> May be trouble in config?
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"


