Крученые пакети ipfw порт 53 0.0.0.0 0 как забанить?

Question

[Z462]

почему не банится на правилах 20-22-24
что не так

in  93.*.242.* bg3

log
 ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 68 too many entries
 ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 67 too many entries

ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 71 too many entries

ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 67 too many entries
ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 62 too many entries
ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 59 too many entries
ipfw: 50504 drop session type 40 46.254.21.69 0 -> 0.0.0.0 0, 58 too many entries


50504     860228      60416196 allow tcp from any to 93.*.242.*/29 21,53 limit src-addr 50 :default


00020          0             0 deny ip from 224.0.0.0/4,240.0.0.0/4,169.254.0.0/16,127.0.0.0/8,0.0.0.0/8,10.0.0.0/8,172.16.0.0/12,100.64.0.0/10,192.0.2.0/24,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24 to any out via bge3

00021          0             0 deny ip from 224.0.0.0/4,240.0.0.0/4,169.254.0.0/16,127.0.0.0/8,0.0.0.0/8,10.0.0.0/8,172.16.0.0/12,100.64.0.0/10,192.168.0.0/16,192.0.2.0/24,198.18.0.0/15,198.51.100.0/24,204.152.64.0/23,203.0.113.0/24,10.8.0.0/24 to any in via bge3


00023          0             0 deny tcp from any to any 0-19,4022,5431 in via bge0,bge2

00024         22          1060 deny log logamount 1000 tcp from any to any 0-19,4022,5431,113,30005,39072

Comments

[Dimonchik]

там UDP не надо указать?

Answer 1

[Z462]

не решает ( правильно ip )