Message-ID: <4242EC97.8070505@snowfall.se>
Date: Thu, 24 Mar 2005 17:36:39 +0100
From: Stefan Cars
To: questions@freebsd.org
Subject: Problems with ipfw2 ?

Hi!

I have a very strange problem with our firewall using ipfw2. Below is my configuration file. The firewall is a bridging firewall (em2,em3). After a few seconds (7-12 seconds) of ICMP pings to a machine behind the firewall, it suddenly starts blocking all traffic to that specific host. This is also true for networks that I have permitted at the top of the config. It rejects everything regardless of any rules I have made. Any ideas, anyone?

# Trusted networks
add permit ip from XXXX/28 to any
add permit ip from XXXX/26 to any
add permit ip from XXXX/25 to any
add permit ip from any to any established

# DNS
add permit ip from any to any 53

# ICMP
add permit icmp from any to any

# HTTP
add permit ip from any to any 80
add permit ip from any to any 443

# SSH
add permit ip from any to any 22

# Deny everything else
add deny ip from any to any