Digital Ocean droplet:
Code:
# uname -a
FreeBSD theranch 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
I have two ipfw tables. Both are created with scripts in the same manner. Here are a few lines for example:
Code:
service nginx stop
ipfw table 1 flush
#cambridge
ipfw table 1 add 128.232.110.28
#caylx socalled edu
ipfw table 1 add 162.247.72.0/24
ipfw table 1 add 162.247.73.0/24
ipfw table 1 add 162.247.74.0/24
Within rc.firewall, I have rules such as:
Code:
${fwcmd} add 553 deny log all from 'table(1)' to any dst-port 143
My problem is the firewall occasionally blocks me even though my IP is not in the table.
For example, I am occasionally assigned an IP of the format 208.xxx.xxx.xxx. Dumping the appropriate table, created with
ipfw table 1 list
Code:
207.244.64.0/18 0
207.244.144.0/20 0
207.250.234.100/32 0
207.254.208.0/20 0
209.11.0.0/16 0
209.15.0.0/20 0
209.15.16.0/23 0
209.15.18.0/23 0
209.15.20.0/22 0
The ipfw table seems to be sequential, but I ran it through a sort just to be sure.
I see no reason to be blocked. That said, is there some simple way to test a particular IP address against an ipfw table to see what entry is causing the block?
I'm starting to think this is a bug, more likely due to virtualization than to FreeBSD, but I need to be sure it isn't pilot error.
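As an added example (not from the post or from FreeBSD's ipfw), here is a small Python script that replays an `ipfw table N list` dump offline and reports which entry, if any, covers a given address, using the same longest-prefix match the kernel applies to tables. The dump below is constructed: it takes the slice quoted in the post and adds one wide prefix to show how a covering entry can sit far from the address's neighbours in the sorted listing.

```python
import sys
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample in the shape of `ipfw table 1 list` output on FreeBSD 10.x:
# "prefix value" per line. The 208.0.0.0/8 entry is invented for illustration.
SAMPLE_DUMP = """\
207.244.64.0/18 0
207.244.144.0/20 0
207.250.234.100/32 0
207.254.208.0/20 0
208.0.0.0/8 0
209.11.0.0/16 0
209.15.0.0/20 0
209.15.16.0/23 0
"""


def parse_table(dump: str) -> List[Tuple[ipaddress.IPv4Network, str]]:
    """Parse table-list lines into (network, value) pairs, skipping blanks."""
    entries = []
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        prefix, _, value = line.partition(" ")
        entries.append((ipaddress.ip_network(prefix, strict=False), value.strip()))
    return entries


def lookup(dump: str, addr: str) -> Optional[Tuple[str, str]]:
    """Return (prefix, value) of the most specific entry covering addr, or None.

    ipfw tables match by longest prefix, so a /32 beats a /8 that also covers
    the address; the position of the entry in the listing is irrelevant.
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for net, value in parse_table(dump):
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, value)
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    # Usage: ipfw table 1 list | python3 lookup.py 208.1.2.3
    target = sys.argv[1] if len(sys.argv) > 1 else "208.1.2.3"
    dump = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMP
    print(lookup(dump, target))
```

Run it over the complete dump of each table rather than a slice, since the covering prefix need not be adjacent to the address in the sorted output. If neither table covers the address, the deny is coming from a rule that does not reference the table, which the per-rule counters from `ipfw -a list` will point at.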