"I don't know metin2 server file is illegal" .. "Now it is not about metin2" ... sure. Goodbye!
# macros
tcp_services = "{domain, auth, 3389, 71}"
udp_services = "{domain, 123}"
metin2auth = "{13099, 13004, 13003, 13002, 13001, 13000, 11002}"
# banned IPs: table persisted in /etc/pf.blackhole, filled by the ssh overload rule below
table <blackhole> persist file "/etc/pf.blackhole"
set skip on lo0
# default deny in both directions; the pass rules below are the exceptions
block in all
block out all
# allow ping
pass in quick on em0 proto { icmp icmp6 }
block in quick on em0 from any to 37.59.49.28
# the "pass out" lines are commented out: with "block out all" this host can answer
# connections (pass rules keep state by default) but cannot open TCP connections
# of its own, except ssh via the directionless rule at the end
#pass out proto tcp to any port $tcp_services
pass in proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
#pass out proto tcp to any port $metin2auth
pass in proto tcp to any port $metin2auth
pass proto udp to any port $metin2auth
# banned IPs: the first matching "quick" rule is final, so blackholed hosts are dropped
# even though the pass rules above come first (ICMP from them still passes via the earlier quick rule)
block quick from <blackhole>
block quick to <blackhole>
# ssh: at most 5 concurrent connections and 5 new connections per 30 s per source;
# a source that exceeds either limit is added to <blackhole> and all its states are flushed
pass inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 5, max-src-conn-rate 5/30, overload <blackhole> flush global)
# netstat -an | grep SYN_RECV
tcp 0 0 10.xxx.xxx.xxx 237.177.154.8:25882 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 236.15.133.204:2577 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 127.160.6.129:51748 SYN_RECV -
tcp 0 0 10.xxx.xxx.xxx 230.220.13.25:47393 SYN_RECV -
ipfw install_state too many dynamic rules
IPF="ipfw -q add"
ipfw -q -f flush
#################################################
# Loopback access (127.0.0.1)
#################################################
$IPF 10 allow all from any to any via lo0
$IPF 11 deny all from any to 127.0.0.0/8
$IPF 12 deny all from 127.0.0.0/8 to any
$IPF 13 deny tcp from any to any frag
#################################################
# Stateful rules
#################################################
# check-state first, so packets of connections tracked by the keep-state rules are matched here
$IPF 14 check-state
$IPF 15 allow tcp from any to any established
# every outbound connection creates a dynamic rule; this is where the dynamic-rule table grows
$IPF 16 allow all from any to any out keep-state
$IPF 17 allow icmp from any to any
#################################################
# Ports allowed out (these rules carry no direction, so they also admit
# inbound SYNs to the listed ports, each creating a dynamic rule)
#################################################
$IPF 18 allow tcp from any to any 22 setup keep-state
$IPF 19 allow tcp from any to any 13000 setup keep-state
$IPF 20 allow tcp from any to any 13001 setup keep-state
$IPF 21 allow tcp from any to any 16000 setup keep-state
$IPF 22 allow tcp from any to any 18000 setup keep-state
$IPF 23 allow tcp from any to any 21000 setup keep-state
$IPF 24 allow tcp from any to any 3306 setup keep-state
$IPF 25 allow tcp from any to any 11005 setup keep-state
# UDP to the same ports, both directions, also stateful
$IPF 26 allow udp from any to any 22 keep-state
$IPF 27 allow udp from any to any 13000 keep-state
$IPF 28 allow udp from any to any 13001 keep-state
$IPF 29 allow udp from any to any 16000 keep-state
$IPF 30 allow udp from any to any 18000 keep-state
$IPF 31 allow udp from any to any 21000 keep-state
$IPF 32 allow udp from any to any 3306 keep-state
$IPF 33 allow udp from any to any 11005 keep-state
####################################################
# Attack packet restriction (Saldırı Paket Veri Kısıtlama): per-source connection caps
# These are numbered 409-426, so ipfw evaluates them after rules 34-53 below;
# "limit src-addr N" still creates a dynamic rule per connection (at most N per source).
####################################################
ipfw add 409 allow tcp from any to me 22 in via em0 setup limit src-addr 20
ipfw add 410 allow tcp from any to me 13000 in via em0 setup limit src-addr 10
ipfw add 411 allow tcp from any to me 13001 in via em0 setup limit src-addr 10
ipfw add 412 allow tcp from any to me 16000 in via em0 setup limit src-addr 10
ipfw add 413 allow tcp from any to me 21000 in via em0 setup limit src-addr 10
ipfw add 414 allow tcp from any to me 18000 in via em0 setup limit src-addr 10
ipfw add 415 allow tcp from any to me 11005 in via em0 setup limit src-addr 5
ipfw add 416 allow tcp from any to me 3306 in via em0 setup limit src-addr 10
# "setup" matches only TCP packets with SYN set, so the UDP rules 419-426 never match anything
ipfw add 419 allow udp from any to me 22 in via em0 setup limit src-addr 80
ipfw add 420 allow udp from any to me 13000 in via em0 setup limit src-addr 80
ipfw add 421 allow udp from any to me 13001 in via em0 setup limit src-addr 80
ipfw add 422 allow udp from any to me 16000 in via em0 setup limit src-addr 80
ipfw add 423 allow udp from any to me 21000 in via em0 setup limit src-addr 80
ipfw add 424 allow udp from any to me 18000 in via em0 setup limit src-addr 80
ipfw add 425 allow udp from any to me 11005 in via em0 setup limit src-addr 50
ipfw add 426 allow udp from any to me 3306 in via em0 setup limit src-addr 50
# mywebserverip / myip are placeholders for the web server's and the admin's addresses
$IPF 34 allow all from mywebserverip to me
# rules 36-53 come in duplicated pairs (36/37, 39/40, ...); the second copy of each pair is redundant
$IPF 36 allow all from myip to any 14000
$IPF 37 allow all from myip to any 14000
$IPF 38 deny all from any to me 14000
$IPF 39 allow all from myip to any 17000
$IPF 40 allow all from myip to any 17000
$IPF 41 deny all from any to me 17000
$IPF 42 allow all from myip to any 20000
$IPF 43 allow all from myip to any 20000
$IPF 44 deny all from any to me 20000
$IPF 45 allow all from myip to any 22000
$IPF 46 allow all from myip to any 22000
$IPF 47 deny all from any to me 22000
$IPF 48 allow all from myip to any 12000
$IPF 49 allow all from myip to any 12000
$IPF 50 deny all from any to me 12000
$IPF 51 allow all from myip to any 14001
$IPF 52 allow all from myip to any 14001
$IPF 53 deny all from any to me 14001
# no rule number given: ipfw assigns one above the highest existing rule, so this deny is evaluated last
$IPF deny log all from any to any

# /etc/sysctl.conf: size of the dynamic-rule table and lifetime of established (ACK) states
net.inet.ip.fw.dyn_max=65536
net.inet.ip.fw.dyn_buckets=1024
net.inet.ip.fw.dyn_ack_lifetime=60
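The SYN_RECV listing and the <blackhole> table above suggest a triage step the thread does not spell out: count half-open connections per remote address and feed the worst offenders into the table. The script below is an added example, not code from the original posts. The sample listing is constructed to mirror the format the OP pasted (Linux-style host:port with a trailing pid column); FreeBSD's own netstat writes the state as SYN_RCVD and addresses as host.port, and both spellings are handled. The 10.0.0.5 local address, the remote addresses and the threshold are made up.

```shell
#!/bin/sh
# Added example (not from the thread): find sources with many half-open
# TCP connections in "netstat -an" output and emit pf <blackhole> table
# additions for them. IPv4 only; IPv6 addresses contain ':' and would
# need a different split.

# Constructed sample in the format the OP posted (Linux netstat, host:port,
# trailing pid column). The last two lines use FreeBSD's format (SYN_RCVD,
# host.port) to show that both are handled.
SAMPLE_NETSTAT='tcp        0      0 10.0.0.5:13000     237.177.154.8:25882   SYN_RECV  -
tcp        0      0 10.0.0.5:13000     237.177.154.8:25883   SYN_RECV  -
tcp        0      0 10.0.0.5:13000     237.177.154.8:25884   SYN_RECV  -
tcp        0      0 10.0.0.5:13001     237.177.154.8:25885   SYN_RECV  -
tcp        0      0 10.0.0.5:13001     236.15.133.204:2577   SYN_RECV  -
tcp4       0      0 10.0.0.5.22        127.160.6.129.51748   SYN_RCVD
tcp4       0      0 10.0.0.5.22        192.0.2.10.40001      ESTABLISHED'

# half_open_sources THRESHOLD < netstat-output
# Prints "count ip" for each remote address with at least THRESHOLD
# half-open connections, highest count first.
half_open_sources() {
    awk -v thr="$1" '
        {
            state = $NF
            if (state == "-") state = $(NF - 1)   # Linux prints the pid/program column last
        }
        state == "SYN_RECV" || state == "SYN_RCVD" {
            # foreign address is field 5; drop the trailing port, whether
            # it is separated by ":" (Linux) or "." (FreeBSD)
            n = split($5, part, "[:.]")
            ip = part[1]
            for (i = 2; i < n; i++) ip = ip "." part[i]
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= thr) print count[ip], ip
        }' | sort -rn
}

# blackhole_commands THRESHOLD < netstat-output
# Turns the offenders into pfctl table operations for the persistent
# <blackhole> table defined in the pf.conf above. Nothing is executed;
# pipe the output into sh once you have reviewed it.
blackhole_commands() {
    half_open_sources "$1" | while read -r count ip; do
        printf 'pfctl -t blackhole -T add %s   # %s half-open connections\n' "$ip" "$count"
    done
}

# Demo on the constructed sample: only 237.177.154.8 (4 half-open
# connections) crosses a threshold of 3.
printf '%s\n' "$SAMPLE_NETSTAT" | blackhole_commands 3
```

The same counting works for an ipfw table (`ipfw table <n> add <ip>`) if the box runs ipfw instead of pf. Two caveats before automating this: the foreign addresses in the OP's listing (237.x, 236.x, 230.x, and 127.x) lie in multicast, reserved and loopback space, which is the signature of a spoofed SYN flood, and blackholing spoofed addresses only grows the table without slowing the flood; against spoofed SYNs the kernel's SYN cookies (net.inet.tcp.syncookies) and not creating firewall state for every inbound SYN matter more than any per-address ban.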
Savagedlight said:
There's usually little need for keep-state on incoming traffic to services as you already know you want to allow traffic for them. Please re-evaluate why you need keep-state.
If you still want to use keep-state, you'll have to play around with limiting the number of states allowed per source IP, state timeout (net.inet.ip.fw.dyn_*_lifetime), or increasing net.inet.ip.fw.dyn_max (and net.inet.ip.fw.dyn_buckets?) to higher values. AFAIK, it's not capped to 65k.
I also have a few other comments on your ruleset.
1) Generally, don't use "from any to any" in allow rules.
2) Don't add an allow rule unless you know you want it. For example: Why do you allow udp to port 22?
3) Make a distinction between incoming and outgoing traffic.
4) For readability, you might want to re-arrange your configuration file so that the rules are sorted in ascending order within each 'group' of rules. Currently, "Saldırı Paket Veri Kısıtlama" ("Attack Packet Data Restriction"?) adds a block of rules which will be used *after* the next block of rules.
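One way to apply the four points above to the OP's ruleset, as an added example that is neither the OP's script nor anything Savagedlight posted: outbound traffic is the only stateful traffic, inbound services are matched statelessly with "setup" plus "established" so a SYN flood cannot fill the dynamic-rule table, nothing is allowed "from any to any" except on lo0, and the rule numbers ascend in the order they are added. Assumptions: em0 is the public interface, 192.0.2.0/24 (a documentation range) stands in for the admin network, the game ports are the TCP ports the OP's rules open, and the admin ports get "limit src-addr 5", which does create dynamic rules but at most five per client. IPFW defaults to "echo ipfw", so the script only prints the rules; run it as root with IPFW=ipfw to load them.

```shell
#!/bin/sh
# Added example (not code from the thread or from Savagedlight): an ipfw
# ruleset applying the advice in the reply above. Assumptions: em0 is the
# public interface, 192.0.2.0/24 stands in for the admin network, and the
# game ports are those the OP's rules open. IPFW defaults to "echo ipfw",
# so nothing is loaded unless you run it as root with IPFW=ipfw.
IPFW="${IPFW:-echo ipfw}"
IF=em0
ADMIN_NET=192.0.2.0/24
GAME_PORTS=11002,13000,13001,16000,18000,21000

ipfw_add() { $IPFW -q add "$@"; }

build_ruleset() {
    $IPFW -q -f flush

    # 1xx: loopback, and nothing claiming loopback space on the wire
    ipfw_add 100 allow ip from any to any via lo0
    ipfw_add 110 deny ip from any to 127.0.0.0/8
    ipfw_add 120 deny ip from 127.0.0.0/8 to any

    # 2xx: connections this host opens are the only stateful ones.
    # check-state comes first so return packets match their dynamic rule.
    ipfw_add 200 check-state
    ipfw_add 210 allow tcp from me to any out via $IF setup keep-state
    ipfw_add 220 allow udp from me to any 53,123 out via $IF keep-state
    ipfw_add 230 allow icmp from me to any out via $IF keep-state

    # 3xx: inbound services, stateless: the SYN is admitted by "setup" and
    # later packets by "established", so a SYN flood creates no dynamic
    # rules. Admin ports are limited to the admin network and capped per
    # source; "limit" does create dynamic rules, at most 5 per client.
    ipfw_add 300 allow tcp from $ADMIN_NET to me 22 in via $IF setup limit src-addr 5
    ipfw_add 310 allow tcp from $ADMIN_NET to me 3306 in via $IF setup limit src-addr 5
    ipfw_add 320 allow tcp from any to me $GAME_PORTS in via $IF setup
    ipfw_add 330 allow tcp from any to me 80 in via $IF setup
    ipfw_add 340 allow tcp from any to me in via $IF established
    ipfw_add 350 allow tcp from me to any out via $IF established
    # echo request plus the ICMP errors needed for path MTU discovery and traceroute
    ipfw_add 360 allow icmp from any to me in via $IF icmptypes 3,8,11

    # 65000: log and drop everything else (what the built-in rule 65535
    # does depends on kernel and loader settings, so be explicit)
    ipfw_add 65000 deny log ip from any to any
}

# Dry-run helper: the rules as text, whatever IPFW is set to.
dry_run_rules() { ( IPFW="echo ipfw"; build_ruleset ); }

# Point 4: rule numbers must be ascending in the order they are added.
rules_in_order() {
    dry_run_rules | awk '$3 == "add" { print $4 }' | sort -n -c 2>/dev/null
}

# Point 1: no allow rule may be "from any to any" (the lo0 rule is exempt).
no_broad_allows() {
    ! dry_run_rules | grep -E '^ipfw -q add [0-9]+ allow .* from any to any' | grep -vq 'via lo0'
}

build_ruleset
```

With inbound state gone, a SYN flood lands in the kernel's syncache rather than in net.inet.ip.fw.dyn_max, which is what SYN cookies are for; the UDP rules in the OP's script have no counterpart here because the thread names no UDP service on those ports, and `established` on 340/350 replaces the OP's directionless "allow tcp from any to any established".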
DutchDaemon said:
What application is listening on these ports 13000, 13001, 16000, 18000, 21000?
[mysqld]
port = 3306
max_connections = 5500
myisam_sort_buffer_size = 64M
query_cache_size = 268435456
query_cache_type=1
query_cache_limit=26843545
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1024
thread_cache_size = 64
wait_timeout = 1800
connect_timeout = 10
max_allowed_packet = 16M
# after max_connect_errors failed connection attempts from one host, that host is blocked until flush-hosts
max_connect_errors = 10
# the query_cache_* options are set a second time here; for a duplicated option the
# last value wins, so the effective settings are 1M / 32M / 1, not the values above
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
#log=/var/log/mysql.log
# local-only service ports (14000, 14001, 17000, ...): reachable from this host and 127.0.0.0/8, denied from anywhere else
$IPF 4 allow all from me to any 14000
$IPF 5 allow all from 127.0.0.0/8 to any 14000
$IPF 6 deny all from any to me 14000
$IPF 7 allow all from me to any 14001
$IPF 8 allow all from 127.0.0.0/8 to any 14001
$IPF 9 deny all from any to me 14001
$IPF 10 allow all from me to any 17000
$IPF 11 allow all from 127.0.0.0/8 to any 17000
$IPF 12 deny all from any to me 17000
$IPF 13 allow all from me to any 12000
$IPF 14 allow all from 127.0.0.0/8 to any 12000
$IPF 15 deny all from any to me 12000
$IPF 16 allow all from me to any 16001
$IPF 17 allow all from 127.0.0.0/8 to any 16001
$IPF 18 deny all from any to me 16001
$IPF 19 allow all from me to any 16002
$IPF 20 allow all from 127.0.0.0/8 to any 16002
$IPF 21 deny all from any to me 16002
$IPF 22 allow all from me to any 17001
$IPF 23 allow all from 127.0.0.0/8 to any 17001
$IPF 24 deny all from any to me 17001
$IPF 25 allow all from me to any 19000
$IPF 26 allow all from 127.0.0.0/8 to any 19000
$IPF 27 deny all from any to me 19000
$IPF 28 allow all from me to any 19001
$IPF 29 allow all from 127.0.0.0/8 to any 19001
$IPF 30 deny all from any to me 19001
# public service ports, stateless
$IPF 31 allow all from any to me 11002
$IPF 32 allow all from any to me 13000
$IPF 33 allow all from any to me 13001
$IPF 34 allow all from any to me 16000
$IPF 35 allow all from any to me 16001
$IPF 36 allow all from any to me 18000
$IPF 37 allow all from any to me 18001
$IPF 38 allow all from any to me 3306
$IPF 39 allow all from any to me 80
$IPF 40 allow all from any to me 21
# IF_of_my_host is a placeholder for this host's own interface address
$IPF 41 allow all from IF_of_my_host to me 3306
$IPF 10000 allow all from any to any via lo0
$IPF 20000 deny all from any to 127.0.0.0/8
$IPF 30000 deny all from 127.0.0.0/8 to any
# default allow: everything not denied above gets through
$IPF 40000 allow all from any to any
I am running a game server. My server never goes down, but the web stops working for a reason unknown to me; it seems like the firewall blocks it, but I don't know why.

wblock@ said:
The firewall rules are... odd. What software are you running? Why would users want to attack your server? What are the firewall rules meant to stop?
But the game has nothing to do with the problem, I am sure of that. Anyway, the game is "Metin2".

wblock@ said:
What game?
jrm said:
I believe this is why @wblock was inquiring: http://forums.freebsd.org/showthread.php?t=21568&highlight=metin.