Date: Wed, 12 Feb 2014 23:24:59 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Robert Simmons <rsimmons0@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF in FreeBSD 10.0 Blocking Some SSH
Message-ID: <20140212192459.GD26785@FreeBSD.org>
In-Reply-To: <CA+QLa9D+=pf+38JBqQpX+w93otVULKhh6y-s9XAq+AfFFFQHhA@mail.gmail.com>
References: <CA+QLa9D97WytnE2Yiy6VFXDrhcgLcpPGf2zB16urjf2Ms+rzFg@mail.gmail.com> <20140127192048.GS66160@FreeBSD.org> <CA+QLa9D+=pf+38JBqQpX+w93otVULKhh6y-s9XAq+AfFFFQHhA@mail.gmail.com>
On Mon, Jan 27, 2014 at 10:22:30PM -0500, Robert Simmons wrote:
R> > On Sun, Jan 26, 2014 at 06:19:34PM -0500, Robert Simmons wrote:
R> > R> Over the course of a few hours there are a handful of SSH packets that
R> > R> are being blocked both in and out. This does not seem to affect the
R> > R> SSH session, and all the blocked packets have certain flags set [FP.],
R> > R> [R.], [P.], [.], [F.]. The following is my ruleset abbreviated to the
R> > R> rules that apply to this problem:
R> > R>
R> > R> ext_if = "en0"
R> > R> allowed = "{ 192.168.1.10 }"
R> > R> std_tcp_in = "{ ssh }"
R> > R> block in log
R> > R> block out log (user)
R> > R> pass in quick on $ext_if proto tcp from $allowed to ($ext_if) port
R> > R> $std_tcp_in keep state
R> > R>
R> > R> Why are those packets being blocked?
R> >
R> > Do I understand you correctly that the ssh sessions work well, but you
R> > see blocked packets in the pflog?
R>
R> Yes, this is correct. I have not seen this in the logs since
R> yesterday, so it may have been a network issue.

That could be stray retransmits of data that has already been received and
acknowledged. pf keeps track of sequence numbers in tcp connections
flowing through it.

--
Totus tuus,
Glebius.
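To illustrate the sequence tracking Gleb refers to, here is an added, simplified model of a stateful firewall's TCP window check (not pf's own code, and not part of the original thread): each direction of a tracked connection remembers how far the sender has got and what the peer will accept, and a segment that falls more than one window behind the data already sent and acknowledged is dropped, even though the session itself is healthy. The exchange at the end is constructed; the sequence numbers, window size and peer names are assumptions.

```python
from dataclasses import dataclass

MASK = 0xFFFFFFFF


def seq_geq(a: int, b: int) -> bool:
    """Wraparound-safe a >= b for 32-bit TCP sequence numbers."""
    return ((a - b) & MASK) < 0x80000000


@dataclass
class Peer:
    seqlo: int    # highest seq+len this side has sent so far
    seqhi: int    # highest seq the other side will currently accept (its ack + window)
    max_win: int  # largest window this side has advertised


class TcpState:
    def __init__(self, a_next: int, b_next: int, win: int = 65535):
        # Directions 'a' and 'b', initialised as if the handshake just completed (no window scaling).
        self.peers = {
            "a": Peer(a_next, (a_next + win) & MASK, win),
            "b": Peer(b_next, (b_next + win) & MASK, win),
        }

    def check(self, src: str, seq: int, length: int, ack: int, win: int) -> bool:
        """Return True if the segment fits the tracked windows, updating state; False means 'block'."""
        s, d = self.peers[src], self.peers["b" if src == "a" else "a"]
        end = (seq + length) & MASK
        if not seq_geq(s.seqhi, end):                         # beyond what the peer will accept
            return False
        if not seq_geq(seq, (s.seqlo - d.max_win) & MASK):    # stale: more than one window old
            return False
        if not seq_geq(d.seqlo, ack):                         # acks data the peer never sent
            return False
        if seq_geq(end, s.seqlo):
            s.seqlo = end
        if seq_geq((ack + win) & MASK, d.seqhi):
            d.seqhi = (ack + win) & MASK
        s.max_win = max(s.max_win, win)
        return True


def stale_retransmit_demo() -> tuple[bool, bool]:
    """Constructed exchange: 100 KiB flows and is acked, then an old copy shows up again."""
    st = TcpState(a_next=1000, b_next=5000)
    seq = 1000
    for _ in range(100):                                      # a sends 1000-byte segments, b acks each
        assert st.check("a", seq, 1000, 5000, 65535)
        seq += 1000
        assert st.check("b", 5000, 0, seq, 65535)
    late = st.check("a", 1000, 1000, 5000, 65535)             # duplicate of the first segment: blocked
    fresh = st.check("a", seq, 1000, 5000, 65535)             # next in-order segment: passes
    return late, fresh
```

The late copy is refused while the connection keeps flowing, which is exactly the pattern of a working SSH session with a few blocked packets in pflog.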