PF PF blocking out Flags [FP.]

On a FreeBSD 12 server, I started to notice that pf is blocking outgoing packets having Flags [FP.]; the logs are flooded with something like this:

Code:
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.59.122.48894: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 141.101.98.92.16036: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.89.53.45136: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.88.60.43016: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.89.101.58320: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.179.50.21756: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.91.39.18516: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.90.202.25684: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 172.69.226.63.52316: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000003 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.90.202.25662: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000005 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 198.41.242.26.29508: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP

Any idea of why this could be happening?

Rule 2 is

@2 block drop log all

The server is running mainly HAProxy, with these settings in /etc/sysctl.conf:

Code:
    debug.debugger_on_panic=0
    debug.trace_on_panic=1
    kern.ipc.shmmax=2147483648
    kern.ipc.somaxconn=32768
    kern.panic_reboot_wait_time=0
    net.inet.icmp.drop_redirect=1
    net.inet.icmp.icmplim=10
    net.inet.icmp.log_redirect=0
    net.inet.icmp.maskrepl=0
    net.inet.ip.accept_sourceroute=0
    net.inet.ip.random_id=1
    net.inet.ip.redirect=0
    net.inet.ip.sourceroute=0
    net.inet.tcp.blackhole=2
    net.inet.tcp.drop_synfin=1
    net.inet.tcp.fast_finwait2_recycle=1
    net.inet.tcp.finwait2_timeout=1000
    net.inet.tcp.msl=2000
    net.inet.tcp.recvbuf_auto=1
    net.inet.tcp.recvbuf_inc=16384
    net.inet.tcp.recvbuf_max=134217728
    net.inet.tcp.sendbuf_auto=1
    net.inet.tcp.sendbuf_inc=16384
    net.inet.tcp.sendbuf_max=134217728
    net.inet.udp.blackhole=1
    security.bsd.see_other_gids=0
    security.bsd.see_other_uids=0
    security.bsd.see_jail_proc=0
    security.bsd.stack_guard_page=1
    security.bsd.unprivileged_proc_debug=0
    security.bsd.unprivileged_read_msgbuf=0
    net.inet.tcp.mssdflt=1460
    net.inet.tcp.minmss=536
    net.inet.tcp.syncache.rexmtlimit=0
    net.inet.ip.maxfragpackets=0
    net.inet.ip.maxfragsperpacket=0
    net.inet.tcp.abc_l_var=44
    net.inet.tcp.initcwnd_segments=44
    kern.ipc.maxsockbuf=614400000
    net.inet.tcp.syncookies=0
    net.inet.tcp.tso=0
    kern.random.fortuna.minpoolsize=256
    net.inet.tcp.isn_reseed_interval=123
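
An added example, not part of the original post: a small parser for tcpdump-style pflog lines like the ones quoted above. It groups blocked packets by rule, direction, TCP flags and source endpoint, so the volume of each pattern is visible at a glance. The function names are hypothetical, the sample lines are copied from the post's log excerpt, and it assumes numeric IPv4 output (`tcpdump -n`).

```python
import re
from collections import Counter

# Constructed sample: three lines copied from the log excerpt in the post.
SAMPLE = """\
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.59.122.48894: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000004 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 141.101.98.92.16036: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
00:00:00.000003 rule 2/0(match): block out on bge0: 213.59.241.172.80 > 162.158.90.202.25662: Flags [FP.], seq 0:187, ack 1, win 65535, length 187: HTTP
"""

# tcpdump letter codes for TCP flags.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", ".": "ACK", "U": "URG"}

# Assumes numeric IPv4 endpoints in tcpdump's "a.b.c.d.port" form.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+): "
    r"(?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)"
)

def decode_flags(flags):
    """Expand tcpdump flag letters, e.g. 'FP.' -> ['FIN', 'PSH', 'ACK']."""
    return [FLAG_NAMES.get(c, c) for c in flags]

def parse_line(line):
    """Return a dict of fields for one pflog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"], rec["length"] = int(rec["rule"]), int(rec["length"])
    for side in ("src", "dst"):
        addr, _, port = rec[side].rpartition(".")
        rec[side + "_addr"], rec[side + "_port"] = addr, int(port)
    return rec

def summarize(lines):
    """Count packets per (rule, action, direction, flags, source) and collect peers."""
    counts, peers = Counter(), set()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["rule"], rec["action"], rec["dir"], rec["flags"], rec["src"])] += 1
        peers.add(rec["dst_addr"])
    return counts, peers

if __name__ == "__main__":
    counts, peers = summarize(SAMPLE.splitlines())
    for (rule, action, direction, flags, src), n in counts.most_common():
        print(f"rule {rule} {action} {direction} from {src} "
              f"flags={'+'.join(decode_flags(flags))}: {n} packets, {len(peers)} peers")
```
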
 