Thanks Kevin,
This is my "ipfw show":

00100  4352617  2413620288 allow ip from any to any via lo0
00200        0           0 deny ip from any to 127.0.0.0/8
00300        0           0 deny ip from 127.0.0.0/8 to any
00400        0           0 deny ip from any to ::1
00500        0           0 deny ip from ::1 to any
00600    54387     5454184 allow icmp from any to any
00700  3142231  1681082246 allow ip from 10.1.1.28 to 10.1.1.0/26
00800  4659459  4478397111 allow ip from 10.1.1.0/26 to 10.1.1.28
00900        0           0 check-state
01000   137997    89083135 allow tcp from 10.1.1.28 to any setup keep-state
01100        0           0 allow tcp from 10.16.10.84 to any setup keep-state
01150   401205   276677828 allow tcp from any to 10.1.1.28 dst-port 22 setup keep-state
01200   245718    44249729 allow udp from 10.1.1.28 to any keep-state
01300  5876930   239194755 allow tcp from any to any established
01400        0           0 allow tcp from any to 10.1.1.28 dst-port 389 setup keep-state
01500 26341187 22030370786 allow tcp from any to 10.1.1.28 dst-port 80 setup keep-state
01600    80945    61013964 allow tcp from any to 10.1.1.28 dst-port 443 setup keep-state
01700        0           0 allow tcp from 10.1.1.2 to 10.1.1.28 dst-port 22 setup keep-state
01800   149642    97939477 allow tcp from any to 10.1.1.28 dst-port 25 setup keep-state
01900      140        7501 allow tcp from 10.1.0.0/16 to 10.1.1.28 dst-port 110 setup keep-state
02000  1677982    89212845 allow tcp from any to 10.1.1.28 dst-port 110 setup keep-state
02100     8996      432096 deny tcp from any to any setup
02200   244111    24117256 allow udp from any to 10.1.1.28 dst-port 53 keep-state
02300        0           0 allow udp from any to 10.1.1.12 dst-port 53 keep-state
65535     4610     1422974 deny ip from any to any

I use FreeBSD 8.2:
FreeBSD 8.2-RELEASE (GENERIC) #0: Fri Feb 18 02:24:46 UTC 2011

The problem started after I added rule 01150.

On Wed, Mar 14, 2012 at 1:12 PM, Kevin Oberman <kob6...@gmail.com> wrote:

> On Tue, Mar 13, 2012 at 7:27 PM, nyoman.b...@gmail.com
> <nyoman.b...@gmail.com> wrote:
> > Dear guru,
> >
> > Every time I open my firewall to allow SSH connections from the Internet,
> > after a few days my firewall always gets stuck. Stuck here means
> > that it denies all requests (deny any from any).
> > And after I "ipfw disable firewall" and then "ipfw enable firewall",
> > everything works fine.
> >
> > When I checked /var/log/messages I found lots of attempts by
> > people trying to connect to my machine.
> > Why does my machine get stuck when lots of people try to SSH to my machine?
>
> We need a bit more information, especially your ipfw configuration. Is
> it a stateful firewall? It sounds a lot like your state table might
> be filling for some reason. Of course, if it is not a stateful
> firewall, that idea is probably wrong, though it could be a
> misconfiguration of some stateful rule that is inadvertently catching
> the SSH attempts.
>
> Have you done an 'ipfw show' to see what rules are being matched? It
> may or may not provide a clue.
> --
> R. Kevin Oberman, Network Engineer
> E-mail: kob6...@gmail.com
>



-- 
-------------------------------
Bogi Aditya
Sisfo - IMTelkom
http://bogi.blog.imtelkom.ac.id
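Added example, not from either poster: a small sh/awk helper that summarises the ipfw dynamic state table, which is the check Kevin's "state table filling" theory calls for. It assumes the FreeBSD 8 `ipfw -d show` dynamic-rule line layout reproduced in the constructed sample below (rule number, packets, bytes, expiry, STATE, proto, src, sport, <->, dst, dport), and that `net.inet.ip.fw.dyn_count` / `net.inet.ip.fw.dyn_max` are read with sysctl on the real host.

```shell
#!/bin/sh
# Summarise ipfw dynamic (keep-state) entries so a filling state table
# can be seen before it starts hitting the default "deny ip from any to any".
# On a live FreeBSD host feed `ipfw -d show` into the functions and read
#   sysctl -n net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max
# (dyn_max defaults to 4096 in FreeBSD 8).

# Constructed sample of dynamic entries: two remote hosts hold states on
# the SSH rule 01150, one host holds a state on the HTTP rule 01500.
SAMPLE_DYN='## Dynamic rules (4):
01150        3        180 (300s) STATE tcp 203.0.113.9 40001 <-> 10.1.1.28 22
01150        2        120 (299s) STATE tcp 203.0.113.9 40002 <-> 10.1.1.28 22
01150        1         60 (298s) STATE tcp 198.51.100.7 51000 <-> 10.1.1.28 22
01500       10       9000 (5s) STATE tcp 192.0.2.4 33333 <-> 10.1.1.28 80'

# states_per_rule: read dynamic-rule lines on stdin, print "rule count"
# so the keep-state rule that owns most of the table is obvious.
states_per_rule() {
    awk '/STATE/ { n[$1]++ } END { for (r in n) print r, n[r] }' | sort
}

# states_per_src: read dynamic-rule lines on stdin, print "count src"
# sorted by count, i.e. which remote addresses are holding the states.
states_per_src() {
    awk '/STATE/ { n[$7]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# state_usage_pct DYN_COUNT DYN_MAX: percentage of the state table in use.
state_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DYN" | states_per_rule
printf '%s\n' "$SAMPLE_DYN" | states_per_src
echo "table usage: $(state_usage_pct 3900 4096)%"
```

On a host where rule 01150 dominates `states_per_rule` and `dyn_count` sits near `dyn_max`, the symptom described in the thread (everything denied until the firewall is reset) is the state table being exhausted by half-open SSH states from the Internet, which is worth confirming before loosening anything else.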