Date:      Sun, 03 Feb 2019 16:26:38 +0100
From:      "Kristof Provost" <kristof@sigsegv.be>
To:        ASV <asv@inhio.net>
Cc:        "questions list" <freebsd-questions@freebsd.org>
Subject:   Re: PF issue since 11.2-RELEASE
Message-ID:  <764DE990-3AC5-43F5-A05B-68C3346AB819@sigsegv.be>
In-Reply-To: <8918ed58705259aebcf0b5254fd28d161b4d31b5.camel@inhio.net>
References:  <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net> <F26DA908-F2AC-4CBF-8227-A4C3D21865EE@FreeBSD.org> <e336fd332455cc9fe9f722482aae09ed6eeab610.camel@inhio.net> <51F0845A-2BB3-4BC9-977D-BB0E6C305ED3@FreeBSD.org> <a801e46a5c4ca3aaa8bc4d6b270319840908ad44.camel@inhio.net> <20190129193609.GB57976@vega.codepro.be> <c89b0bfc5decb895432b8427e4e70d58c5a7f0c9.camel@inhio.net> <2677833F-B2C4-4CCD-B82F-4F3F84B7FFF8@sigsegv.be> <8918ed58705259aebcf0b5254fd28d161b4d31b5.camel@inhio.net>

On 1 Feb 2019, at 10:33, ASV wrote:
> On Thu, 2019-01-31 at 22:00 +0100, Kristof Provost wrote:
>> On 31 Jan 2019, at 12:11, ASV wrote:
>>> Good afternoon,
>>> one good news and one bad news.
>>>
>>> Good news is that it was that bloody zero missing which was "freaking
>>> out" PF during the reload. How could I have missed that? Perhaps
>>> erroneously removed during the upgrade somehow or it was there but not
>>> causing problems?! I'll never know. But it's fixed so thank you very
>>> much for the good catch!
>>>
>>> The bad news is that PF is still not enforcing the rules within the
>>> anchors. So fail2ban keeps populating the tables where the previously
>>> mentioned rules are in place (reposted below) but these IPs keep
>>> bombing me with connection attempts passing the firewall with no
>>> problems at all. Killing the states, reloading, restarting (PF and
>>> fail2ban) doesn't fix that.
>>>
>>> # pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -s rules
>>> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip
>>> block drop quick proto udp from <f2b-asterisk-udp> to any port = sip-tls
>>>
>>> # pfctl -a f2b/asterisk-tcp -t f2b-asterisk-tcp -s rules
>>> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip
>>> block drop quick proto tcp from <f2b-asterisk-tcp> to any port = sip-tls
>>
>> I don’t use anchors myself, but don’t you need to call them from your
>> main ruleset?
> Anchors are called and the blocking rule is set within:
>
> anchor f2b {
>         anchor asterisk {
>                 block in quick log to any
>         }
> }
>
You have to ‘anchor "f2b/*"’ in your main ruleset to get anchor ‘f2b/asterisk-tcp’ to be used.

Regards,
Kristof
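
The change described in the reply above, as an added pf.conf sketch that is not part of the original e-mail: the inline anchors quoted in the thread beside the wildcard anchor call. The file path, the placement advice and the check commands in the comments are assumptions about a typical setup; only the anchor names and rules come from the thread.

```pf
# /etc/pf.conf fragment (added example; path and placement are assumptions)

# Before, as quoted in the thread: inline anchors. These create and call the
# anchors "f2b" and "f2b/asterisk". Nothing here calls f2b/asterisk-udp or
# f2b/asterisk-tcp, so the block rules fail2ban loads into those anchors are
# never consulted.
#
# anchor f2b {
#         anchor asterisk {
#                 block in quick log to any
#         }
# }

# After: evaluate every anchor attached directly beneath f2b, in
# alphabetical order of anchor name. Put this ahead of any "pass ... quick"
# rule that would match the SIP traffic, because a quick match earlier in
# the main ruleset ends evaluation before the anchors are reached.
anchor "f2b/*"

# Checks after editing (run as root):
#   pfctl -nf /etc/pf.conf      parse only, load nothing
#   pfctl -f /etc/pf.conf       load the ruleset
#   pfctl -sr                   main ruleset should now list the f2b/* anchor call
#   pfctl -a f2b/asterisk-udp -s rules                      rules fail2ban loaded
#   pfctl -a f2b/asterisk-udp -t f2b-asterisk-udp -T show   addresses currently banned
```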