Strange block log lines


Christian Kundela
Hi!

I have a question regarding these block lines. Also, I am not sure if this
is the right place to ask, so please give me information where to go ...
(sorry for my broken English)

rule 6/(match) block in on bge0: 192.168.1.154.59059 > 2.21.90.90.443: F 55284003:55284003(0) ack 2968292302 win 1040 <nop,nop,timestamp 9118265 3197963231> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.54273 > 95.100.65.62.443: F 135553435:135553435(0) ack 1906678360 win 1040 <nop,nop,timestamp 9176781 1285578197> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.60208 > 95.100.65.62.443: F 4149301740:4149301740(0) ack 1905743303 win 1552 <nop,nop,timestamp 9176781 1285578651> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.49411 > 2.21.90.90.443: F 299126652:299126652(0) ack 2971630351 win 1040 <nop,nop,timestamp 9176781 3197955849> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.59322 > 95.100.65.62.443: F 1473913909:1473913909(0) ack 1882061542 win 1040 <nop,nop,timestamp 9176782 1285578771> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.60467 > 2.21.107.128.443: F 3144990715:3144990715(0) ack 2033333135 win 1040 <nop,nop,timestamp 9203918 2751294591> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.57605 > 2.21.89.217.443: F 652234887:652234887(0) ack 1213869662 win 1040 <nop,nop,timestamp 9204087 3294564657> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.65204 > 95.100.65.62.443: F 1663064126:1663064126(0) ack 1891889668 win 1040 <nop,nop,timestamp 9209570 1283710040> (DF)

Why or what is blocked here?

This is a PlayStation console (PS3 or PS4). I am using named
(forwarding DNS) with a local zone; maybe this is the root of these
block lines, but I don't know ... because dig on those IPs shows these
are DNS root servers ...
There are no troubles with Internet download or streaming etc. ... (from
PCs or consoles)

Here is my config pf.conf (taken from pf examples)

int_if="bge0"
ext_if="em0"
net_int="192.168.1.0/24"
set block-policy return
set loginterface egress
set skip on lo
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp divert-to 127.0.0.1 port 8021
anchor miniupnpd

# Squid: using it with Squidguard as filter for my kids
pass in quick on $int_if inet proto tcp from $net_int to port www divert-to 127.0.0.1 port 3129
pass out quick inet from 127.0.0.1 divert-reply

match out on egress inet from !(egress:network) to any nat-to (egress)
block in log
pass out quick
antispoof log quick for { lo $int_if }
pass in log inet proto icmp all    # had some Problems with Twitch/UStream
pass in on $int_if


pfctl -sr

anchor "ftp-proxy/*" all
pass in quick on bge0 inet proto tcp from any to any port = 21 flags S/SA divert-to 127.0.0.1 port 8021
anchor "miniupnpd" all
pass in quick on bge0 inet proto tcp from 192.168.1.0/24 to any port = 80 flags S/SA divert-to 127.0.0.1 port 3129
pass out quick inet from 127.0.0.1 to any flags S/SA divert-reply
match out on egress inet from ! (egress:network) to any nat-to (egress) round-robin
block return in log all
pass out quick all flags S/SA
block drop in log quick on ! lo inet6 from ::1 to any
block drop in log quick on ! lo inet from 127.0.0.0/8 to any
block drop in log quick inet from 127.0.0.1 to any
block drop in log quick on ! bge0 inet from 192.168.1.0/24 to any
block drop in log quick inet from 192.168.1.1 to any
block drop in log quick inet6 from ::1 to any
block drop in log quick on lo0 inet6 from fe80::1 to any
pass in log inet proto icmp all
pass in on bge0 all flags S/SA

If you need more information please contact me. Thanks for your help in advance.

Best regards

Chris
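
An added example, not part of the original post: a small Python parser for the pflog lines quoted above that looks up the logged rule number in the posted `pfctl -sr` output and notes whether each packet's TCP flags could satisfy the `flags S/SA` pass rules. It assumes rule numbers are zero-based positions in that listing; the names `explain` and `summarize` are illustrative.

```python
import re
from collections import Counter

# Constructed input: three of the post's log entries and its `pfctl -sr` listing
# up to the logged rule, with the e-mail line wraps joined.
LOG = """\
rule 6/(match) block in on bge0: 192.168.1.154.59059 > 2.21.90.90.443: F 55284003:55284003(0) ack 2968292302 win 1040 <nop,nop,timestamp 9118265 3197963231> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.54273 > 95.100.65.62.443: F 135553435:135553435(0) ack 1906678360 win 1040 <nop,nop,timestamp 9176781 1285578197> (DF)
rule 6/(match) block in on bge0: 192.168.1.154.60208 > 95.100.65.62.443: F 4149301740:4149301740(0) ack 1905743303 win 1552 <nop,nop,timestamp 9176781 1285578651> (DF)
""".splitlines()
RULES = """\
anchor "ftp-proxy/*" all
pass in quick on bge0 inet proto tcp from any to any port = 21 flags S/SA divert-to 127.0.0.1 port 8021
anchor "miniupnpd" all
pass in quick on bge0 inet proto tcp from 192.168.1.0/24 to any port = 80 flags S/SA divert-to 127.0.0.1 port 3129
pass out quick inet from 127.0.0.1 to any flags S/SA divert-reply
match out on egress inet from ! (egress:network) to any nat-to (egress) round-robin
block return in log all
""".splitlines()

# tcpdump prints pflog entries as: rule N/(reason) action dir on iface: src.port > dst.port: FLAGS ...
ENTRY = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>\w+)\) (?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>[SFPRWE.]+) ")

def explain(line):
    """Parse one pflog line and attach the rule it names plus its TCP flag status."""
    m = ENTRY.match(line)
    if m is None:
        return None
    e = m.groupdict()
    # Assumption: the logged number is the zero-based position in `pfctl -sr`
    # output of the main ruleset (what `pfctl -vv -sr` prints as @N).
    n = int(e["rule"])
    e["rule_text"] = RULES[n] if n < len(RULES) else "(not in listing)"
    # "flags S/SA" matches only packets with SYN set and ACK clear; anything else
    # passes only by matching an existing state, which pf checks before the rules.
    e["can_create_state"] = "S" in e["flags"] and " ack " not in line
    return e

def summarize(lines):
    """Count parsed entries per (rule text, destination, flags)."""
    events = filter(None, map(explain, lines))
    return Counter((e["rule_text"], f'{e["dst"]}:{e["dport"]}', e["flags"]) for e in events)

if __name__ == "__main__":
    for key, count in summarize(LOG).items():
        print(count, *key)
```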