Date: Tue, 13 Mar 2012 22:12:02 -0800
From: Kevin Oberman <kob6558@gmail.com>
To: "nyoman.bogi@gmail.com" <nyoman.bogi@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: firewall stuck
Message-ID: <CAN6yY1v1O9QiN3bAZ3jPJvzX=xsLAauSXJJjwhrZPYSnBfK_uw@mail.gmail.com>
In-Reply-To: <CAJsxnXY7aHNf7dvG%2BQLVqziWQe8HLHbFbttN-vNsai-MbOVCMA@mail.gmail.com>
References: <CAJsxnXY7aHNf7dvG%2BQLVqziWQe8HLHbFbttN-vNsai-MbOVCMA@mail.gmail.com>

On Tue, Mar 13, 2012 at 7:27 PM, nyoman.bogi@gmail.com <nyoman.bogi@gmail.com> wrote:
> Dear guru,
>
> Every time I open my firewall to allow SSH connections from the Internet,
> after a few days my firewall always gets stuck. Stuck here means
> that it denies all requests (deny any from any).
> And after I "ipfw disable firewall" and then "ipfw enable firewall"
> everything works fine.
>
> When I checked /var/log/messages I found lots of attempts by
> people trying to connect to my machine.
> Why does my machine get stuck when lots of people try to SSH to my machine?

We need a bit more information, especially your ipfw configuration. Is it a stateful firewall? It sounds a lot like your state table might be filling for some reason. Of course, if it is not a stateful firewall, that idea is probably wrong, though it could be a misconfiguration of some stateful rule that is inadvertently catching the SSH attempts.

Have you done an 'ipfw show' to see what rules are being matched? It may or may not provide a clue.

--
R. Kevin Oberman, Network Engineer
E-mail: kob6558@gmail.com
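
One way to test the state-table hypothesis raised in the reply above, as an added example that is not part of the original message: compare the ipfw dynamic-rule counter against its limit. The function name, the 80% warning threshold and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify ipfw dynamic-state table usage.
# Input on stdin: the "name: value" lines printed by
#   sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max
# `ipfw -d show` additionally lists the dynamic rules themselves.

# Warning threshold in percent (arbitrary value chosen for this example).
WARN_PCT=80

dyn_table_status() {
    awk -v warn="$WARN_PCT" '
        $1 == "net.inet.ip.fw.dyn_count:" { count = $2 + 0; have_c = 1 }
        $1 == "net.inet.ip.fw.dyn_max:"   { max   = $2 + 0; have_m = 1 }
        END {
            # Missing counters: ipfw not loaded, or unexpected input.
            if (!have_c || !have_m || max <= 0) { print "UNKNOWN"; exit }
            pct = int(count * 100 / max)
            if (count >= max)     state = "FULL"   # new states cannot be created
            else if (pct >= warn) state = "WARN"
            else                  state = "OK"
            printf "%s %d/%d (%d%%)\n", state, count, max, pct
        }'
}

# Constructed sample input, not taken from the poster's machine.
sample_full() {
    printf '%s\n' 'net.inet.ip.fw.dyn_count: 4096' \
                  'net.inet.ip.fw.dyn_max: 4096'
}

# On a FreeBSD host, check the live counters.
if [ "$(uname -s)" = "FreeBSD" ]; then
    sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max | dyn_table_status
fi
```

A FULL or WARN result while the SSH connection attempts are ongoing would support the state-table explanation; an OK result points back at the ruleset itself.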