I am getting a weird issue with IPFW blocking outbound packets after connections are closed. Here is rc.firewall:
Code:
ipfw -q -f flush                                                 # clear any existing rules
ipfw -q add 1 check-state                                        # match against dynamic (keep-state) rules first
ipfw -q add 2 allow all from any to any via lo0                  # loopback traffic
ipfw -q add 3 allow tcp from any to me 80 in setup keep-state    # new inbound HTTP connections create a dynamic rule
ipfw -q add 4 deny log all from any to any out                   # everything else outbound is denied and logged
I then run a web server on port 80. When I connect, it works as expected. Rule #3 allows the inbound connection, and keep-state allows associated inbound and outbound traffic as expected.
However, I am seeing a weird thing after the connection is closed. According to the logs, the server calls close() on the socket, and then 350 seconds later IPFW reports denied packets due to rule #4. More specifically, it looks like something in the networking stack is trying to send outbound packets on that closed connection approximately 350 seconds after my server closes the socket, and IPFW is not associating those packets with the previously allowed connection.
Does anyone have any idea what the heck could be going on? This is driving me nuts. Let me know if the explanation is unclear.
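To check whether the rule #4 denies really line up with earlier close() calls, here is an added Python example (not from the original post) that correlates constructed server-side close() log lines with constructed ipfw deny lines and reports the delay per peer; the `close peer=` line format and the ISO timestamps are assumptions, the ipfw line format follows the kernel's `ipfw: <rule> Deny ...` syslog output.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the original post): the web server's own
# log noting each close(), and syslog lines from the "deny log" rule 4.
SERVER_LOG = """\
2024-03-01T10:00:00 close peer=198.51.100.5:51234
2024-03-01T10:00:02 close peer=198.51.100.7:40000
"""
IPFW_LOG = """\
2024-03-01T10:05:50 host kernel: ipfw: 4 Deny TCP 192.0.2.10:80 198.51.100.5:51234 out via em0
2024-03-01T10:05:51 host kernel: ipfw: 4 Deny TCP 192.0.2.10:80 198.51.100.5:51234 out via em0
2024-03-01T10:00:03 host kernel: ipfw: 4 Deny TCP 192.0.2.10:80 198.51.100.9:1111 out via em0
"""

# Assumed server log line: "<ISO timestamp> close peer=<ip>:<port>"
CLOSE_RE = re.compile(r"^(\S+) close peer=(\S+)$")
# ipfw syslog line: "<ts> <host> kernel: ipfw: <rule> Deny <proto> <src> <dst> <in|out> via <iface>"
IPFW_RE = re.compile(
    r"^(\S+) \S+ kernel: ipfw: (\d+) Deny (\w+) (\S+) (\S+) (in|out) via (\S+)$"
)


def correlate(server_log, ipfw_log, rule="4"):
    """For every outbound packet denied by `rule`, look up the last logged
    close() for the same peer and return (peer, seconds_after_close).
    Peers the server never closed (no matching close() line) map to None."""
    closes = {}
    for line in server_log.splitlines():
        m = CLOSE_RE.match(line)
        if m:
            closes[m.group(2)] = datetime.fromisoformat(m.group(1))
    results = []
    for line in ipfw_log.splitlines():
        m = IPFW_RE.match(line)
        if not m or m.group(2) != rule or m.group(6) != "out":
            continue
        ts, peer = datetime.fromisoformat(m.group(1)), m.group(5)
        closed = closes.get(peer)
        delay = (ts - closed).total_seconds() if closed is not None else None
        results.append((peer, delay))
    return results


if __name__ == "__main__":
    for peer, delay in correlate(SERVER_LOG, IPFW_LOG):
        print(f"{peer}: denied {delay}s after close()" if delay is not None
              else f"{peer}: denied, no close() seen for this peer")
```

A consistent delay (here 350 s for the constructed data) points at a timer in the stack rather than random stray traffic, which narrows down what to look at.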