IPFW Curl getting blocked by IPFW

wisdown


Hey people,

After spending some days searching about my issue, I come here to try my luck.

I'm running a webserver using:

Code:
FreeBSD 12.0
Apache24 2.4.41
curl 7.67.0
Using IPFW as firewall.

The main problem is with Curl: with IPFW enabled, it gets a timeout and does not work.

Similar Situations:

Plugins on WordPress, example:


Google reCAPTCHA, example:


Other applications, example:


I know the last one has no ETA and the last comment is from 2019-04, but has anyone here had the same problem? If yes, were you able to fix it? Would you mind sharing your solution?

My IPFW LIST:

Code:
00005 deny ip from table(1) to me
00010 deny ip from table(2) to me
00100 allow ip from any to any via lo0
00101 deny ip from any to 127.0.0.0/8
00102 deny ip from 172.0.0.0/8 to any
00103 deny tcp from any to any frag via lo0
00105 check-state :default
00175 allow icmp from any to any icmptypes 0,3,4,8,11 limit src-addr 8 :default
00200 allow tcp from me to any 43 out via vmx0 setup keep-state :default
00205 allow tcp from 10.0.211.112 to 10.0.211.12 53 out via vmx0 setup keep-state :default
00210 allow udp from 10.0.211.112 to 10.0.211.12 53 out via vmx0 keep-state :default
00300 allow tcp from 10.0.211.112 to 10.0.211.32 587 via vmx0 setup keep-state :default
00400 allow tcp from 10.0.211.112 to any 80 out via vmx0 setup keep-state :default
00405 allow tcp from 10.0.211.112 to any 443 out via vmx0 setup keep-state :default
00406 allow tcp from 127.0.0.1 to any 80 out via vmx0 setup keep-state :default
00407 allow tcp from 127.0.0.1 to any 443 out via vmx0 setup keep-state :default
00410 allow tcp from 10.0.211.112 to any 20,21 out via vmx0 setup keep-state :default
00415 allow tcp from 10.0.211.112 to any 49152-65535 out via vmx0 setup keep-state :default
00500 allow tcp from 10.0.211.112 to any 3390 out via vmx0 setup keep-state :default
00600 allow tcp from me to 10.0.211.52 3306 via vmx0 setup keep-state :default
00605 allow tcp from 10.0.211.112 to 10.0.211.54 6379 via vmx0 setup keep-state :default
00650 allow tcp from 10.0.211.112 to 10.0.211.72 3310 out via vmx0 setup keep-state :default
00660 allow tcp from 10.0.211.112 to 10.0.211.32 993 out via vmx0 setup keep-state :default
00670 allow tcp from 10.0.211.112 to 10.0.211.32 587 out via vmx0 setup keep-state :default
00675 allow tcp from 10.0.211.112 to 10.0.211.32 4190 out via vmx0 setup keep-state :default
00700 allow udp from 10.0.211.112 to 10.0.211.14 123 out via vmx0 keep-state :default
00800 deny log ip from any to any out via vmx0
00900 deny tcp from any to any 113 in via vmx0
01000 deny tcp from any to any 81 in via vmx0
01005 deny tcp from any to any 137 in via vmx0
01010 deny tcp from any to any 138 in via vmx0
01015 deny tcp from any to any 139 in via vmx0
01100 deny ip from any to any frag in via vmx0
01200 deny log logamount 50 ip from any to any ipoptions rr
01205 deny log logamount 50 ip from any to any ipoptions ts
01210 deny log logamount 50 ip from any to any ipoptions lsrr
01215 deny log logamount 50 ip from any to any ipoptions ssrr
01220 deny log logamount 50 ip from any to any tcpflags syn,fin
01225 deny log logamount 50 ip from any to any tcpflags syn,rst
01300 allow tcp from any to 10.0.211.112 20,21 in via vmx0 setup keep-state :default
01305 allow tcp from any to 10.0.211.112 69 in via vmx0 setup keep-state :default
01310 allow tcp from any to 10.0.211.112 49152-65535 in via vmx0 setup keep-state :default
01315 allow tcp from any to 10.0.211.112 80 in via vmx0 setup keep-state :default
01320 allow tcp from any to 10.0.211.112 443 in via vmx0 setup keep-state :default
01350 allow tcp from 10.0.211.52 to me 3306 in via vmx0 setup keep-state :default
01400 deny tcp from any to any established in via vmx0
01500 deny ip from 192.168.0.0/16 to any in via vmx0
01505 deny ip from 172.16.0.0/12 to any in via vmx0
01510 deny ip from 10.0.0.0/8 to any in via vmx0
01515 deny ip from 127.0.0.0/8 to any in via vmx0
01520 deny ip from 0.0.0.0/8 to any in via vmx0
01525 deny ip from 169.254.0.0/16 to any in via vmx0
01530 deny ip from 192.0.2.0/24 to any in via vmx0
01535 deny ip from 204.152.64.0/23 to any in via vmx0
01540 deny ip from 224.0.0.0/3 to any in via vmx0
01600 deny log ip from any to any in via vmx0
01700 deny log ip from any to any
01705 deny log logamount 50 tcp from any to any tcpflags syn,rst
65535 deny ip from any to any

The tables are for mass bans; I use table 2 for fail2ban and table 1 for other tools.

Thanks in advance to everyone who is able to try to help, and Happy New Year in advance.

PS: Regarding the last link, I have already tried downgrading Curl to many versions to test, including versions under 7.59, without success.
 