[pfSense] PF sense box generating a ton of traffic to somebody's port 80.
Jaye Mathisen
mrcpu at mathisen.org
Fri Mar 23 21:37:56 EDT 2012
2 parts, the important part is question 2.
I have pfsense 2.0.1 running in a VM, works fine. Installed the unbound
DNS server.
Kind of just forgot about it, because it's running great, logged in, and
found in pftop that unbound is doing the following:
18:25:05.185579 IP 75.126.6.82.53 > 72.251.250.98.80: 53936 27/0/12
SOA[|domain]
18:25:05.185586 IP 75.126.6.82 > 72.251.250.98: udp
18:25:05.185743 IP 75.126.6.82 > 72.251.250.98: udp
18:25:05.508231 IP 72.251.250.98.80 > 75.126.6.82.53: 53940+ [1au] ANY?
isc.org.
Over and over and over, 11GB worth of data so far...
So Question 1 is why.
Question 2:
But the more specific pfsense part is:
I have a floating rule that says block quick on the WAN interface, all
traffic both directions, any protocol, with 72.251.250.0/24, and log it.
It's the first rule in the floating rule section.
>From pfctl -sr:
block drop log quick on em0 inet from 72.251.250.0/24 to any label
"USER_RULE: FLT -- block excessive traffic from .98"
However, nothing is logged, and the traffic is still going up. I have
reloaded the filter ruleset. What am I missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120323/e2e94290/attachment.html>
More information about the List
mailing list