
Thread: ipfw shows ip being blocked in dynamic rules

  1. #21
    Join Date
    May 2012
    Location
    The Netherlands
    Posts
    48
    Nope, you might be on to something here? It shows nothing.

  2. #22
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,481
    What if you manually run this code and add some IPs into the table:

    Code:
    ipfw table 2 add 80.x.x.x
    ipfw table 2 add 81.x.x.x
    ipfw table 2 add 66.x.x.x
    ipfw table 2 add 62.x.x.x

    and then again

    Code:
    ipfw table 2 list
    ?
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

  3. #23
    Join Date
    May 2012
    Location
    The Netherlands
    Posts
    48
    It shows

    Code:
    62.x.x.x/32 0

  4. #24
    Join Date
    May 2012
    Location
    The Netherlands
    Posts
    48
    (Only added one particular IP that concerns the most at the moment.)

  5. #25
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,481
    Now you can try to open a web-site on your server from that IP and see whether counters changed here from zeros:

    Code:
    ipfw show 10007
    Regards, Alex G.


  6. #26
    Join Date
    May 2012
    Location
    The Netherlands
    Posts
    48
    Code:
    10007    407    154198 allow tcp from table(2) to any dst-port 80 setup limit src-addr 80

  7. #27
    Join Date
    May 2012
    Location
    The Netherlands
    Posts
    48
    Seems they do:
    Code:
    10007   2344   1504706 allow tcp from table(2) to any dst-port 80 setup limit src-addr 80
    Which looks like everything is ok. But in fact it looks like 60007 is counting too, and will block regardless of any other rule. Some sort of whichever counter comes to its limit first will block. And judging from the past few weeks, rule 60007 wins every time and blocks IPs from table 2.

  8. #28
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,481
    That can't be true...

    When a packet enters the firewall it is compared against the first rule in the ruleset and progresses one rule at a time moving from top to bottom of the set in ascending rule number sequence order. When the packet matches the selection parameters of a rule, the rules' action field value is executed and the search of the ruleset terminates for that packet. This is referred to as “the first match wins” search method.
    http://www.freebsd.org/doc/en_US.ISO...alls-ipfw.html

    Your rule number 60007 must be catching connections from other IPs.
    Regards, Alex G.

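
The counter check from posts #25 to #27, as an added example that is not part of the thread: an sh function that compares two saved `ipfw show` snapshots and prints the rules whose counters grew in between. The 10007 lines are the ones posted above; the 60007 line (counters and body) is a constructed placeholder, because that rule is not shown on this page.

```shell
#!/bin/sh
# Usage: ipfw_counter_delta BEFORE_FILE AFTER_FILE
# Each file holds saved `ipfw show` output: rule number, packets, bytes, body.
# Prints "<rule> +<packets> pkts +<bytes> bytes" for every rule that counted
# traffic between the two snapshots.
ipfw_counter_delta() {
    awk '
        # Key = rule number plus rule body, because one number can hold
        # several rules.
        function key(   i, k) {
            k = $1
            for (i = 4; i <= NF; i++) k = k " " $i
            return k
        }
        NF < 4 { next }                       # skip blank or malformed lines
        FNR == NR {                           # first file: remember counters
            pk[key()] = $2 + 0; by[key()] = $3 + 0; next
        }
        {                                     # second file: report growth
            k = key()
            oldp = (k in pk) ? pk[k] : 0      # rule added later counts from 0
            oldb = (k in by) ? by[k] : 0
            if ($2 + 0 > oldp)
                printf "%s +%d pkts +%d bytes\n", $1, $2 - oldp, $3 - oldb
        }
    ' "$1" "$2"
}

# Sample snapshots. Counters are kept per rule, not per source address, so a
# growing counter shows that the rule matched, not which address matched it.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
10007    407    154198 allow tcp from table(2) to any dst-port 80 setup limit src-addr 80
60007     12       720 (constructed placeholder: rule body not shown in the thread)
EOF
cat > "$tmp/after" <<'EOF'
10007   2344   1504706 allow tcp from table(2) to any dst-port 80 setup limit src-addr 80
60007     15       900 (constructed placeholder: rule body not shown in the thread)
EOF

ipfw_counter_delta "$tmp/before" "$tmp/after"
```

On a live host the two files would come from `ipfw show > before`, one test request from the table 2 address, then `ipfw show > after`.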
