Hello,
thank you for your answer.
ad1.
I am sending my current firewall rules and a record from tcpdump on re0.
My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter)
My second LAN is 192.168.1.0/24 (on this network the connection to IMAP
port 993 works)
My public IP is 86.49.91.98
ad2.
Tcpdump on rl0 shows nothing.
ad3.
Yes. I have gateway_enable="YES" in /etc/rc.conf
ad4.
I think yes...
PS: The firewall is not my work. I inherited it.
Thank you very much
Petr Chocholac
On 24.8.2015 at 15:39, Allan Jude wrote:
On 2015-08-24 09:05, Petr Chocholáč wrote:
Hello,
I would like to ask you for advice. I cannot connect to imap.gmail.com
on port 993 from my local network. My LAN is behind a FreeBSD server with
IPFW. The server has two network cards, rl0=Internet and
re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without
answers. What rules should I create?
I tried something like this, without success:
#ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0
Thank you very much for any advice and your patience
Petr Chocholáč
Brno, Czech Republic
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
We would need to see all of your current firewall rules (ipfw show)
You'll want to tcpdump on rl0, to see if the packet is being forwarded.
Do you have the machine configured as a gateway? (gateway_enable="YES"
in /etc/rc.conf)
Are you doing NAT (Network Address Translation) to remap the internal
(10.0.0.0/16) addresses to your internet routable IP?
00100 9036394 8499055198 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 134 9313 allow udp from any to 86.49.91.110 dst-port 53
keep-state
00500 0 0 allow udp from 86.49.91.110 53 to any keep-state
00600 0 0 allow tcp from 86.49.91.107 to any dst-port 25
setup
00700 0 0 allow tcp from 86.49.91.98 25 to any dst-port 25
setup
00800 0 0 allow udp from 86.49.91.110 53 to any keep-state
00900 956234 80342962 allow icmp from 86.49.91.98 to any keep-state
01000 17235 1324207 allow icmp from any to 86.49.91.98 keep-state
01100 14068 1530257 allow udp from 86.49.91.98 53 to any keep-state
01200 7759 554809 allow ip from 172.16.0.0/24 to 86.49.91.96/28
01300 946 72736 allow ip from 86.49.91.96/28 to 172.16.0.0/24
01400 0 0 allow ip from 172.16.0.0/16 to 195.113.191.160/28
dst-port 8080,26,55555,10943,22,26,3128,61085,514,25,53
01500 0 0 allow ip from 172.16.0.0/16 to 86.49.91.96/28
dst-port 8080,26,55555,10943,22,26,3128,61085,514,25,53,993
01600 722 38642 deny log ip from 218.0.0.0/8 to any via rl0
01700 0 0 deny log ip from 221.6.178.0/24{0-63} to any via
rl0
01800 0 0 deny log ip from 210.68.8.128/25 to any via rl0
01900 12 845 deny log ip from 121.8.0.0/13 to any via rl0
02000 0 0 deny log ip from 58.208.0.0/20 to any via rl0
02100 0 0 deny log ip from 62.193.235.47 to any via rl0
02200 0 0 deny log ip from 74.208.164.166 to any via rl0
02300 0 0 deny log ip from any to 74.208.164.166
02400 0 0 deny log ip from 61.78.0.0/16 to any via rl0
02500 0 0 deny log ip from 91.200.108.0/24 to any dst-port
25 via rl0
02600 0 0 allow ip from 172.16.2.0/24 to any dst-port 53
keep-state
02700 67565 11649052 allow ip from 172.16.2.0/23 to any dst-port 53
keep-state
02800 240 17484 allow log logamount 2 udp from 172.16.0.99 to any
dst-port 53 out via rl0 keep-state
02900 0 0 allow log logamount 2 udp from any 53 to
172.16.0.99 in via rl0 keep-state
03000 0 0 allow log logamount 2 udp from any 53 to
192.168.1.1 in via rl0 keep-state
03100 23 1493 allow log logamount 100 udp from 192.168.1.1 53 to
any keep-state
03200 0 0 fwd 172.16.0.99,8080 tcp from 172.16.2.0/24 to any
dst-port 80 out via rl0
03300 2543961 222167859 fwd 172.16.0.99,8080 tcp from 172.16.2.0/23 to any
dst-port 80 out via rl0
03400 0 0 allow tcp from 172.16.2.0/23 to 172.16.0.2 setup
03500 0 0 allow tcp from 172.16.2.0/24 to 172.16.0.2 setup
03600 0 0 allow ip from 172.16.2.0/23 to 172.16.0.2 setup
03700 0 0 allow ip from 172.16.2.0/24 to 172.16.0.2 setup
03800 0 0 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
03900 0 0 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
04000 29654 1806084 allow tcp from 172.16.2.0/23 to any dst-port
8080,80,3128 setup
04100 0 0 allow udp from 172.16.2.0/23 to any dst-port 53
keep-state
04200 0 0 allow tcp from 172.16.1.0/24 to any dst-port
8080,80,3128 setup
04300 0 0 allow udp from 172.16.1.0/24 to any dst-port 53
keep-state
04400 0 0 allow log udp from 172.16.0.0/24 to any dst-port
53 keep-state
04500 0 0 allow log ip from any to 83.240.84.57 setup
04600 0 0 deny log ip from 172.16.1.0/24 to any not dst-port
443,8080,80,3128,53,1935
04700 65767 4520394 deny log ip from 172.16.2.0/23 to any not dst-port
443,8080,80,3128,53,1935
04800 600 60337 deny log ip from 192.168.1.223 to any not dst-port
80,443,8080,3128,53,1935,993,10943
04900 10 778 deny ip from 61.79.0.0/16 to any via rl0
05000 0 0 deny ip from 61.80.0.0/16 to any via rl0
05100 1 40 deny ip from 61.81.0.0/16 to any via rl0
05200 0 0 deny ip from 61.82.0.0/16 to any via rl0
05300 0 0 deny ip from 61.83.0.0/16 to any via rl0
05400 0 0 deny ip from 61.84.0.0/16 to any via rl0
05500 0 0 deny ip from 61.85.0.0/16 to any via rl0
05600 0 0 deny ip from 195.23.121.0/24 to any via rl0
05700 1 48 allow tcp from any to 86.49.91.98 dst-port 444
setup via rl0
05800 0 0 allow tcp from any to 86.49.91.98 dst-port 444 via
rl0
05900 777 40028 allow tcp from any to 86.49.91.98 dst-port 80
setup via rl0
06000 3382 340639 allow tcp from any to 86.49.91.98 dst-port 80 via
rl0
06100 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 3049 setup
06200 45 1956 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 443 setup
06300 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 443
06400 167 6992 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 80 setup
06500 1 44 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 80
06600 0 0 allow tcp from 83.240.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
06700 0 0 allow tcp from 83.240.1.249 to 86.49.91.98
dst-port 443 setup via rl0
06800 0 0 allow tcp from 89.176.0.0/15 to 86.49.91.98
dst-port 80 setup via rl0
06900 0 0 allow tcp from 89.176.0.0/15 to 86.49.91.98
dst-port 443 setup via rl0
07000 0 0 allow tcp from 62.245.96.0/19 to 86.49.91.98
dst-port 80 setup via rl0
07100 0 0 allow tcp from 62.245.100.0/24 to 86.49.91.98
dst-port 80 setup via rl0
07200 0 0 allow tcp from 62.245.101.0/24 to 86.49.91.98
dst-port 80 setup via rl0
07300 0 0 allow tcp from 62.245.102.0/24 to 86.49.91.98
dst-port 80 setup via rl0
07400 0 0 allow tcp from 62.245.103.0/24 to 86.49.91.98
dst-port 80 setup via rl0
07500 0 0 allow tcp from 62.245.96.0/19 to 86.49.91.98
dst-port 443 setup via rl0
07600 0 0 allow tcp from 62.245.100.0/24 to 86.49.91.98
dst-port 443 setup via rl0
07700 0 0 allow tcp from 62.245.101.0/24 to 86.49.91.98
dst-port 443 setup via rl0
07800 0 0 allow tcp from 62.245.102.0/24 to 86.49.91.98
dst-port 443 setup via rl0
07900 0 0 allow tcp from 62.245.103.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08000 0 0 allow tcp from 62.245.104.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08100 0 0 allow tcp from 62.245.105.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08200 0 0 allow tcp from 62.245.106.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08300 0 0 allow tcp from 62.245.107.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08400 0 0 allow tcp from 62.245.108.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08500 0 0 allow tcp from 62.245.109.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08600 0 0 allow tcp from 62.245.110.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08700 0 0 allow tcp from 62.245.111.0/24 to 86.49.91.98
dst-port 443 setup via rl0
08800 0 0 allow tcp from 85.70.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
08900 0 0 allow tcp from 85.71.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
09000 0 0 allow tcp from 84.42.232.0/21 to 86.49.91.98
dst-port 443 setup via rl0
09100 0 0 allow tcp from 84.42.240.0/20 to 86.49.91.98
dst-port 443 setup via rl0
09200 0 0 allow tcp from 80.188.157.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09300 0 0 allow tcp from 89.102.9.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09400 0 0 allow tcp from 89.102.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
09500 0 0 allow tcp from 81.27.192.0/20 to 86.49.91.98
dst-port 443 setup via rl0
09600 0 0 allow tcp from 81.19.32.0/20 to 86.49.91.98
dst-port 443 setup via rl0
09700 0 0 allow tcp from 89.103.88.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09800 0 0 allow tcp from 89.102.207.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09900 0 0 allow tcp from 94.112.0.0/15 to 86.49.91.98
dst-port 443 setup via rl0
10000 0 0 allow tcp from 94.112.0.0/14 to 86.49.91.98
dst-port 443 setup via rl0
10100 0 0 allow tcp from 78.44.0.0/15 to 86.49.91.98
dst-port 443 setup via rl0
10200 0 0 allow tcp from 78.45.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
10300 0 0 allow tcp from 78.102.0.0/15 to 86.49.91.98
dst-port 443 setup via rl0
10400 0 0 allow tcp from 78.102.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
10500 0 0 allow tcp from 84.42.224.0/20 to 86.49.91.98
dst-port 443 setup via rl0
10600 0 0 allow tcp from 84.42.128.0/17 to 86.49.91.98
dst-port 443 setup via rl0
10700 0 0 allow tcp from 77.240.184.0/21 to 86.49.91.98
dst-port 993 setup via rl0
10800 0 0 allow tcp from 81.19.8.114 to 86.49.91.98 dst-port
993 setup via rl0
10900 0 0 allow tcp from 81.19.8.114 to 86.49.91.98 dst-port
993 via rl0
11000 0 0 allow tcp from 176.74.128.0/17 to 86.49.91.98
dst-port 993 setup via rl0
11100 0 0 allow tcp from 176.74.157.135 to 86.49.91.98
dst-port 993 setup via rl0
11200 0 0 deny log ip from any to 149.20.56.33
11300 0 0 deny log ip from any to 149.20.56.32
11400 0 0 deny log ip from any to 143.215.143.11
11500 0 0 deny log ip from any to 143.215.129.26
11600 0 0 deny log ip from any to 149.20.56.34
11700 0 0 deny log ip from any to 143.215.130.33
11800 0 0 deny log ip from any to 87.106.24.200
11900 0 0 deny log ip from any to 149.20.56.33
12000 6501 301558 deny log ip from any to 86.49.91.96/28 dst-port
3306,8080,26,55555,10943,22,26,61085,514 via rl0
12100 941 37928 deny log ip from any to 86.49.91.96/28 dst-port
3128 via rl0
12200 85603 8017309 allow log ip from any to 86.49.91.96/28 via re0
12300 0 0 allow log ip from any to 86.49.91.96/28 via re0
12400 85456 59560204 allow log ip from 86.49.91.96/28 to any via re0
12500 465 20568 deny ip from any to 10.0.0.0/8 via rl0
12600 0 0 deny ip from any to 0.0.0.0/8 via rl0
12700 0 0 deny ip from any to 169.254.0.0/16 via rl0
12800 0 0 deny ip from any to 192.0.2.0/24 via rl0
12900 248 17840 deny ip from any to 224.0.0.0/4 via rl0
13000 10 3710 deny ip from any to 240.0.0.0/4 via rl0
13100 62 4652 skipto 14000 tcp from 192.168.1.251 to any
dst-port 80
13200 0 0 fwd 192.168.1.1,3128 tcp from 172.16.1.0/24 to any
dst-port 80 out via rl0
13300 0 0 fwd 192.168.1.1,3128 tcp from 172.16.2.0/23 to any
dst-port 80 out via rl0
14000 0 0 allow tcp from 192.168.1.223 to any dst-port 25
14100 0 0 allow tcp from 192.168.1.253 to any dst-port 25
14200 0 0 allow tcp from 192.168.1.199 to any dst-port 25
14300 0 0 allow tcp from any to 192.168.1.199 dst-port 25
14400 0 0 deny log tcp from 172.16.1.0/24 to any dst-port 25
14500 0 0 deny log tcp from 172.16.2.0/24 to any dst-port 25
14600 6 2046 deny log udp from any to { 195.113.191.160/28 or
86.49.91.96/28 } dst-port 67 via rl0
14700 0 0 deny tcp from not 192.168.1.0/24{164,251} to {
195.113.191.169 or 86.49.91.105 } dst-port 22 via re0
14800 0 0 allow tcp from 192.168.1.223 to any dst-port 25
14900 0 0 allow tcp from 192.168.1.253 to any dst-port 25
15000 0 0 allow tcp from 192.168.1.251 to 192.168.1.1
dst-port 25 setup
15100 0 0 allow tcp from 192.168.1.111 to 192.168.1.1
dst-port 25
15200 0 0 deny log udp from any to { 195.113.191.160/28 or
86.49.91.96/28 } dst-port 67 via rl0
15300 0 0 deny tcp from not 192.168.1.0/24{164,251} to {
195.113.191.169 or 86.49.91.105 } dst-port 22 via re0
15400 20999597 16135713820 divert 8668 ip from any to any via rl0
15500 73 4900 allow icmp from 172.16.0.0/24 to any
15600 0 0 allow icmp from 172.16.0.0/24 to any keep-state
15700 0 0 allow udp from 172.16.0.99 to any via re0
keep-state
15800 0 0 allow udp from any to 172.16.0.99 via rl0
keep-state
15900 0 0 allow udp from any to 172.16.0.99 via re0
keep-state
16000 0 0 allow tcp from 172.16.0.0/24 to any setup
16100 208138 13112674 allow icmp from 192.168.1.0/24 to any icmptypes
0,8 via re0
16200 0 0 allow icmp from any to 192.168.1.0/24 icmptypes
0,8 via re0
16300 0 0 allow icmp from any to 192.168.1.0/24 icmptypes
0,8 via rl0
16400 0 0 allow icmp from 213.29.21.68 to {
195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16500 0 0 allow icmp from any to 192.168.1.0/24 icmptypes
0,8 via re0
16600 0 0 allow icmp from any to 192.168.1.0/24 icmptypes
0,8 via rl0
16700 0 0 allow icmp from 213.29.21.68 to {
195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16800 0 0 allow icmp from 86.49.91.97 to {
195.113.191.160/28 or 86.49.91.96/28 } icmptypes 0,8 via rl0
16900 37 2532 allow icmp from { 195.113.191.160/28 or
86.49.91.96/28 } to any icmptypes 0,8 via rl0
17000 111716 5874040 allow tcp from 86.49.91.98 to any setup
17100 0 0 allow tcp from { 195.113.191.167 or 86.49.91.103 }
to any setup
17200 0 0 deny ip from 0.0.0.0/8 to any via rl0
17300 0 0 deny ip from 169.254.0.0/16 to any via rl0
17400 0 0 deny ip from 192.0.2.0/24 to any via rl0
17500 0 0 deny ip from 224.0.0.0/4 to any via rl0
17600 0 0 deny ip from 240.0.0.0/4 to any via rl0
17700 399559319 339151751085 allow tcp from any to any established
17800 2 522 allow ip from any to any frag
17900 0 0 deny log tcp from any to 86.49.91.98 dst-port 80
18000 916 44672 allow tcp from any to 86.49.91.107 dst-port 25,26
setup
18100 0 0 allow tcp from any to 86.49.91.98 dst-port 25 setup
18200 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 25 setup
18300 269 13068 allow tcp from any to { 195.113.191.164 or
86.49.91.100 } dst-port 25 setup
18400 0 0 allow tcp from 192.168.1.223 to 192.168.1.1
dst-port 2049,111 via re0 setup
18500 0 0 allow tcp from 192.168.1.251 to 192.168.1.1
dst-port 2049,111 via re0 setup
18600 22 1024 deny tcp from any to any dst-port 2049,111
18700 0 0 allow udp from 192.168.1.223 to 192.168.1.1
dst-port 111,2049 via re0 keep-state
18800 0 0 allow udp from 192.168.1.251 to 192.168.1.1
dst-port 111,2049 via re0 keep-state
18900 88 6008 deny udp from any to any dst-port 2049,111
19000 36499 1936092 allow log tcp from 192.168.1.0/24 to any via re0
setup
19100 0 0 allow log tcp from 192.168.1.0/24 to any via re0
19200 486010 58558185 allow log udp from 192.168.1.0/24 to any via re0
keep-state
19300 17384 1048620 allow log logamount 2 tcp from 172.16.0.0/12 to
any via re0 setup
19400 151549 11770225 allow log logamount 2 udp from 172.16.0.0/12 to
any via re0
19500 0 0 allow tcp from any to 172.16.0.2 via re0 setup
19600 0 0 allow tcp from any to 172.16.0.251 via re0 setup
19700 0 0 allow tcp from 192.168.1.0/24 to {
195.113.191.160/28 or 86.49.91.96/28 } dst-port 3128 setup
19800 0 0 allow udp from 192.168.1.0/24 to {
195.113.191.160/28 or 86.49.91.96/28 } dst-port 3128
19900 0 0 allow udp from 192.168.1.0/24 to any dst-port 3130
20000 0 0 allow tcp from { 195.113.191.160/28 or
86.49.91.96/28 } to 86.49.91.98 dst-port 3128 setup via re0
20100 0 0 allow tcp from 192.168.1.0/24 to { 195.113.191.164
or 86.49.91.100 } dst-port 22 setup
20200 0 0 allow tcp from any to 172.16.0.253 dst-port 22
setup
20300 0 0 allow tcp from any 80 to 192.168.1.0/24
20400 0 0 allow tcp from { 195.113.191.167 or 86.49.91.103 }
to 86.49.91.98 dst-port 5432 via re0 setup
20500 23184 1292000 allow tcp from any to { 195.113.191.169 or
86.49.91.105 } dst-port 80 setup
20600 0 0 allow tcp from any to { 195.113.191.169 or
86.49.91.105 } dst-port 3049 setup
20700 922 50916 allow tcp from any to { 195.113.191.173 or
86.49.91.109 } dst-port 80 setup
20800 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 80 setup
20900 1 40 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 443 setup
21000 0 0 allow tcp from { 195.113.191.166 or 86.49.91.102 }
to { 195.113.191.169 or 86.49.91.105 } dst-port 22 via re0 setup
21100 0 0 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 115 setup
21200 0 0 allow tcp from { 195.113.191.160/28 or
86.49.91.96/28 } to { 195.113.191.168 or 86.49.91.104 } dst-port 22 setup
21300 0 0 allow tcp from 81.19.11.196 to { 195.113.191.168
or 86.49.91.104 } dst-port 22 setup
21400 0 0 allow tcp from any to { 195.113.191.167 or
86.49.91.103 } dst-port 3049 setup
21500 0 0 allow tcp from any to { 195.113.191.167 or
86.49.91.103 } dst-port 3049
21600 0 0 allow tcp from any to { 195.113.191.169 or
86.49.91.105 } dst-port 3049 setup
21700 0 0 allow tcp from 176.74.157.135 to { 195.113.191.169
or 86.49.91.105 } dst-port 3049
21800 612 33880 allow tcp from any to { 195.113.191.167 or
86.49.91.103 } dst-port 443 setup
21900 0 0 allow tcp from any to { 195.113.191.167 or
86.49.91.103 } dst-port 443 setup
22000 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 443 setup
22100 0 0 allow tcp from any to { 195.113.191.171 or
86.49.91.107 } dst-port 80 setup
22200 183 7728 allow tcp from any to { 195.113.191.174 or
86.49.91.110 } dst-port 80 setup
22300 0 0 allow tcp from any to { 195.113.191.173 or
86.49.91.109 } dst-port 80 setup
22400 0 0 allow tcp from 77.240.184.0/21 to {
195.113.191.168 or 86.49.91.104 } setup
22500 0 0 allow tcp from 176.74.128.0/17 to {
195.113.191.168 or 86.49.91.104 } setup
22600 343 16840 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 80 setup
22700 175 7308 allow tcp from any to { 195.113.191.166 or
86.49.91.102 } dst-port 80 setup
22800 6 256 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 110 setup
22900 3 120 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 3129 setup
23000 14 612 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 8000 setup
23100 129 6884 allow tcp from any to { 195.113.191.168 or
86.49.91.104 } dst-port 443 setup
23200 0 0 allow tcp from any to 172.16.1.0/24 setup
23300 0 0 allow tcp from any to 172.16.2.0/23 setup
23400 0 0 allow udp from any to 172.16.1.0/24
23500 0 0 allow udp from any to 172.16.2.0/23
23600 0 0 allow udp from any to 172.16.0.2
23700 0 0 allow udp from any to 172.16.0.3
23800 0 0 allow tcp from any to 172.16.0.2 setup
23900 0 0 allow tcp from any to 172.16.0.3 setup
24000 15 888 allow tcp from any to 86.49.91.98 dst-port 53 setup
24100 1023 65626 allow udp from any to 86.49.91.98 dst-port 53
24200 0 0 allow tcp from any to 86.49.91.98 dst-port 53 setup
24300 0 0 allow udp from any to 86.49.91.98 dst-port 53
24400 307023 51681967 allow udp from any to any dst-port 53 keep-state
24500 115056 12704240 allow udp from any 53 to any keep-state
24600 0 0 allow udp from 86.49.91.98 to any dst-port 53
keep-state
24700 0 0 allow udp from 86.49.91.98 53 to any keep-state
24800 0 0 allow ip from any to 172.16.0.99 keep-state
24900 0 0 allow ip from 172.16.0.99 to any keep-state
25000 0 0 allow log logamount 2 udp from not 172.16.0.99 to
any dst-port 53 via re0 keep-state
25100 0 0 allow udp from any 53 to any via re0 keep-state
25200 154706 11757656 allow udp from 86.49.91.98 to any dst-port 123
keep-state
25300 21293 1563407 allow udp from any to any dst-port 123 keep-state
25400 557050 171076733 allow log logamount 100 ip from any to any via re0
25500 3860 185648 allow log logamount 2 ip from any to {
195.113.191.174 or 86.49.91.110 } setup
25600 39627 1963136 deny log logamount 100 tcp from any to any via rl0
setup
25700 6691 1610703 deny log logamount 100 udp from any to any via rl0
25800 8424 639068 deny log logamount 2 icmp from any to any
25900 0 0 deny log logamount 100 ip from any to any dst-port
68 via re0
26000 0 0 deny log logamount 100 ip from any to any dst-port
67 via re0
65535 370105 114020634 deny ip from any to any
08:43:12.529990 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq
1047705988, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
08:43:15.541589 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq
1047705988, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
08:43:21.545748 IP 172.16.3.130.57564 > 64.233.184.109.993: Flags [S], seq
1047705988, win 8192, options [mss 1460,nop,nop,sackOK], length 0
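
An added example, not part of the original message or of ipfw: a simplified first-match walk over a subset of the rules listed above, applied to the SYN from the capture, to show which rule decides it and which later rules are never reached. It models only allow/deny ordering on one pass (no divert, fwd, skipto or dynamic state); the `Rule` class, the function names and the 192.168.1.50 address are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    num: int
    action: str            # "allow" or "deny"
    proto: str             # "ip" matches any protocol
    src: str               # CIDR, single address, or "any"
    dst: str = "any"
    ports: tuple = ()      # dst-port list; empty means no port test
    negate: bool = False   # True for "not dst-port ..."
    setup: bool = False    # match only the initial TCP SYN
    via: str = ""          # interface name; empty means any

# Subset of the ruleset, transcribed from the ipfw show listing in the message.
RULES = [
    Rule(1500, "allow", "ip", "172.16.0.0/16", "86.49.91.96/28",
         (8080, 26, 55555, 10943, 22, 3128, 61085, 514, 25, 53, 993)),
    Rule(2700, "allow", "ip", "172.16.2.0/23", ports=(53,)),
    Rule(4000, "allow", "tcp", "172.16.2.0/23", ports=(8080, 80, 3128), setup=True),
    Rule(4700, "deny", "ip", "172.16.2.0/23",
         ports=(443, 8080, 80, 3128, 53, 1935), negate=True),
    Rule(4800, "deny", "ip", "192.168.1.223",
         ports=(80, 443, 8080, 3128, 53, 1935, 993, 10943), negate=True),
    Rule(19000, "allow", "tcp", "192.168.1.0/24", via="re0", setup=True),
    Rule(19300, "allow", "tcp", "172.16.0.0/12", via="re0", setup=True),
    Rule(65535, "deny", "ip", "any"),
]

def _in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    if rule.proto not in ("ip", pkt["proto"]):
        return False
    if not (_in_net(pkt["src"], rule.src) and _in_net(pkt["dst"], rule.dst)):
        return False
    if rule.via and rule.via != pkt["iface"]:
        return False
    if rule.setup and not pkt.get("syn", False):
        return False
    # Plain list: port must be in it. Negated list: port must not be in it.
    if rule.ports and ((pkt["dport"] in rule.ports) == rule.negate):
        return False
    return True

def trace(pkt, rules=RULES):
    """Numbers of every matching rule in ruleset order; the first one decides."""
    return [r.num for r in sorted(rules, key=lambda r: r.num) if matches(r, pkt)]

def verdict(pkt, rules=RULES):
    first = trace(pkt, rules)[0]
    return first, next(r.action for r in rules if r.num == first)

# The SYN seen in the tcpdump capture on re0 (172.16.3.130 lies inside 172.16.2.0/23).
CAPTURED_SYN = {"proto": "tcp", "src": "172.16.3.130", "dst": "64.233.184.109",
                "dport": 993, "syn": True, "iface": "re0"}
# Constructed: the same connection from a host on the second LAN (address assumed).
SECOND_LAN_SYN = dict(CAPTURED_SYN, src="192.168.1.50")

if __name__ == "__main__":
    for name, pkt in (("captured", CAPTURED_SYN), ("second LAN", SECOND_LAN_SYN)):
        print(name, verdict(pkt), "all matches:", trace(pkt))
```

In this model the captured SYN stops at rule 04700, whose counters in the listing are non-zero, so the later `allow` at 19300 is never evaluated for it; the second-LAN packet reaches 19000.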