From: "fbsd_user"
Reply-To: fbsd_user@a1poweruser.com
To: "B H", "freebsd-questions@FreeBSD. ORG"
Date: Wed, 29 Mar 2006 08:29:37 -0500
In-Reply-To: <442A4E14.6090204@bah.homeip.net>
Subject: RE: IP Filter problems on 4.11-STABLE

Your firewall rules are pretty much useless. Your default is to pass
everything that does not match a rule. So other than those block rules
everything is allowed out and in. This means your slowness problem has
nothing to do with your firewall. Read the handbook for ipfilter sample
rule set if you want a meaningful firewall.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of B H
Sent: Wednesday, March 29, 2006 4:06 AM
To: freebsd-questions@FreeBSD. ORG
Subject: IP Filter problems on 4.11-STABLE

Hello!

I've upgraded a machine about a week ago from 4.10-p19, I believe it was.
Now IPFilter does not work or is VERY slow, ssh, web and mail time out.
NAT is working like it should.

# dmesg | grep 'IP Filter'
IP Filter: v3.4.35 initialized.  Default = pass all, Logging = enabled

ipf.rules looks like this:

# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on fxp0 proto tcp all keep state
pass out quick on fxp0 proto udp all keep state
pass out quick on fxp0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in log quick on fxp0 from 82.182.0.0/16 to any
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
block in log quick on fxp0 from any to 10.0.0.0/32
block in log quick on fxp0 from any to 10.0.0.255/32
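
The point made in the reply, that with "Default = pass all" any inbound packet not caught by a block rule is let through, can be checked with a small model of ipf rule evaluation. This is an added example, not code from either poster or from IPFilter itself; it is stateless ('keep state' and 'log' are not modelled), the test packets use constructed documentation addresses, and the catch-all rule in WITH_CATCHALL is an assumed addition, not part of the posted rule set.

```python
import ipaddress

# Rules from the post on fxp0: (action, direction, quick, proto, src, dst).
# None means "any". Simplification: 'keep state' and 'log' are not modelled.
POSTED = (
    [("pass", "out", True, p, None, None) for p in ("tcp", "udp", "icmp")]
    + [("block", "in", True, None, net, None) for net in (
        "82.182.0.0/16", "192.168.0.0/16", "172.16.0.0/12",
        "10.0.0.0/8", "127.0.0.0/8", "192.0.2.0/24")]
    + [("block", "in", True, None, None, dst) for dst in (
        "10.0.0.0/32", "10.0.0.255/32")]
)
# Assumed addition: a catch-all inbound block placed after the posted rules.
WITH_CATCHALL = POSTED + [("block", "in", True, None, None, None)]


def in_net(addr, net):
    """True when the rule field is 'any' or the address is inside the network."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def verdict(rules, default, direction, proto, src, dst):
    """Last matching rule wins; a matching 'quick' rule stops the search;
    'default' is the policy dmesg reports, used when nothing matches."""
    result = default
    for action, rdir, quick, rproto, rsrc, rdst in rules:
        if rdir != direction or rproto not in (None, proto):
            continue
        if in_net(src, rsrc) and in_net(dst, rdst):
            result = action
            if quick:
                break
    return result


# Constructed packets (documentation address ranges, not from the post).
UNSOLICITED = ("in", "tcp", "198.51.100.7", "203.0.113.10")
SPOOFED = ("in", "tcp", "10.1.2.3", "203.0.113.10")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with catch-all", WITH_CATCHALL)):
        for label, pkt in (("unsolicited", UNSOLICITED), ("spoofed", SPOOFED)):
            print(name, label, verdict(rules, "pass", *pkt))
```

On a real IPFilter host the state table created by the 'keep state' rules is consulted as well, so replies to outbound connections still return when a catch-all inbound block is present.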