Hi,
I've a block rule that sometimes fails to block?
Some of my config.
<rule>
  <type>block</type>
  <interface>lan</interface>
  <protocol>tcp/udp</protocol>
  <source>
    <address>PRESCOT</address>
  </source>
  <destination>
    <address>178.73.0.0/16</address>
  </destination>
  <log/>
  <descr>Block 178.73.0.0/16</descr>
</rule>
<alias>
  <name>PRESCOT</name>
  <address>192.168.10.200</address>
  <descr>PRESCOT</descr>
</alias>
From status.php
ipnat -lv
...
RDR 192.168.10.200 37466 <- -> <MY PUBLIC IP> 37466 [178.73.236.174 49147]
ttl 18000 use 0 sumd 0xc3d1/0xc3d1 pr 6 bkt 1028/1591 flags 1
More from status.php
ipfstat -nio
...
# Group 100
@1 pass in quick from 192.168.10.0/24 to 192.168.10.1/32 keep state group 100
@2 block in log first quick proto tcp/udp from 192.168.10.200/32 to 178.73.0.0/16 group 100
@3 pass in quick from 192.168.10.0/24 to any keep state group 100
...
# User-defined rules follow
block in log first quick from 178.37.119.247 to any group 200
pass in log first quick proto tcp from 151.156.0.0/16 to 192.168.10.208 port = 80 keep state group 200
pass in quick proto tcp from 87.241.110.126 to 192.168.10.208 port = 21 keep state group 200
pass in quick proto tcp from 81.170.177.83 to 192.168.10.208 port = 21 keep state group 200
pass in quick proto tcp/udp from any to 192.168.10.200 port = 37466 keep state group 200
pass in quick proto tcp/udp from any to 192.168.10.200 port = 6891 keep state group 200
pass in log first quick proto tcp from 151.156.0.0/16 to 81.235.181.179 port = 443 keep state group 200
block in log first quick proto icmp from any to any group 200
block in log first quick from any to any group 200
block in log first quick proto tcp/udp from 192.168.10.200 to 178.73.0.0/16 group 100
pass in quick from 192.168.10.0/24 to any keep state group 100
last 50 filter log entries
...
Nov 8 06:28:44 m0n0wall ipmon[113]: 06:28:44.016489 vr0 @100:2 b 192.168.10.200,3092 -> 178.73.230.174,51753 PR tcp len 20 48 -S IN
...