This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

packets slipping past explicit PF rule?

07:29:56 Default DROP TCP 222.93.240.134 : 4118 → [Our Public IP] : 80 [SYN] len=48 ttl=116 tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:08:02:a4:99:5f

I have a group "Chinese Hackers" that includes 222.93.240.0/22 and a PF rule 'Chinese Hackers → Any → Any : Drop'.

99% of such packets are indeed dropped by my rule. Any thoughts about how the packet above could have slithered past my PF rule before being default dropped?

Cheers - Bob

This thread was automatically locked due to age.

Parents

0 Ölm over 15 years ago
07:29:56 Default DROP TCP 222.93.240.134 : 4118 → [Our Public IP] : 80 [SYN] len=48 ttl=116 tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:08:02:a4:99:5f

Cheers - Bob

Bob, the log line you submitted, from where is it? it doesn´t seem to be from a log inside the ASG. Is it created by a different host in your network? where is this host located?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ölm over 15 years ago
07:29:56 Default DROP TCP 222.93.240.134 : 4118 → [Our Public IP] : 80 [SYN] len=48 ttl=116 tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:08:02:a4:99:5f

Cheers - Bob

Bob, the log line you submitted, from where is it? it doesn´t seem to be from a log inside the ASG. Is it created by a different host in your network? where is this host located?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data