This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pf rule not working?

for nearly a week now ip 61.238.158.21 originating from Hong Kong has been hammering a sip attack on my pbx, I have created the following packet rule but I don't see the ip being blocked by packet rule, just shows "default drop" which is filling up my logs fast, that's why I know with the pf rule I can instruct it too not log traffic. Here is the PF rule I created:

Position 1
Source: host 61.238.158.21
service: any
Destination: any

any ideas??

Derek "Astaro newbie"

This thread was automatically locked due to age.

Parents

0 dragnfire over 14 years ago

Mansfred, I tried disabling my sip proxy to see but same results showing in log, I then tried Barry's suggestion of switching destination from any to the 76.10.x ip which that worked!!! (THANKS BARRY!). I'm puzzled though, shouldn't the "any" destination have also picked that up?? At least now I see dropped by packet rule #1 which I can now turn off log traffic. Hong Kong ISP will hopefully intervene soon (they told me 7 days on Sunday past).

thanks again guys.

Derek
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dragnfire over 14 years ago

Mansfred, I tried disabling my sip proxy to see but same results showing in log, I then tried Barry's suggestion of switching destination from any to the 76.10.x ip which that worked!!! (THANKS BARRY!). I'm puzzled though, shouldn't the "any" destination have also picked that up?? At least now I see dropped by packet rule #1 which I can now turn off log traffic. Hong Kong ISP will hopefully intervene soon (they told me 7 days on Sunday past).

thanks again guys.

Derek
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data