dominic/oe7drt-website
1
1
Fork 0
Code Issues Pull requests Releases Activity

update old post (pfsense, stalled ssh connections)

Browse source
This commit is contained in:
Dominic Reich 2025-01-12 17:24:12 +01:00
parent d57b19a183
commit bb61a03b81
Signed by: dominic
GPG key ID: 0B5787DB23049C45
2 changed files with 39 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
content/posts/2024/70-stalled-ssh-connections/index.md
View file

@ -5,7 +5,7 @@ summary: >
This is how I solved it. This is how I solved it.
<small>The thumbnail was created with Google AI (Imagen 3).</small> <small>The thumbnail was created with Google AI (Imagen 3).</small>
date: 2024-10-06T19:30:17+02:00 date: 2024-10-06T19:30:17+02:00
lastmod: 2025-01-05T09:03:01+0000 lastmod: 2025-01-12T16:24:13+0000
categories: categories:
- computerstuff - computerstuff
tags: tags:
@ -66,7 +66,39 @@ Another change to the firewall setup in my home network.
I did not had this on my mind but I accidentally saw my firewall retrieving I did not had this on my mind but I accidentally saw my firewall retrieving
a blacklist from my server and like instantly my ssh session was unusable again. a blacklist from my server and like instantly my ssh session was unusable again.
I now reduced the amount of updates the firewall retrieves the blacklist and hope I now reduced the amount of updates the firewall retrieves the blacklist and
for the best! hope for the best!
![pfBlockerNG settings of blacklisted IPs](./pfsense-pfblockerng-ipsettings.png "Image shows the settings screen of pfBlockerNG and the IPv4 feeds") ![pfBlockerNG settings of blacklisted IPs](pfsense-pfblockerng-ipsettings.png "Image shows the settings screen of pfBlockerNG and the IPv4 feeds")
{{< alert "triangle-exclamation" >}}
**Update on January 12 2025:**
_The final solution should be the removal of all IPv4 based blocks_
{{< /alert >}}
As the logs of the pfBlockerNG indicate: every hour runs a job that fetches and
updates blocklists for IP and DNS based blocking (if neccessary).
Since the script kills all states to IP addresses in these lists my guess was,
that I should remove these types of blacklist (as the firewall blocks incoming
traffic of unknown sources anyway).
I'm not sure how my servers IP got there, but I think the script kills all states
of any addresses listed in these lists, including those in whitelists.
```log
[ pfB_Top_v4 ] Removed 46 state(s) for [ 89.58.16.xxx ]
igb1 tcp 89.58.16.xxx:ssh <- 192.168.11.yyy:53226 ESTABLISHED:ESTABLISHED
igb0 tcp 192.168.31.zzz:25103 (192.168.11.yyy:53226) -> 89.58.16.xxx:ssh ESTABLISHED:ESTABLISHED
igb1 tcp 89.58.16.xxx:ssh <- 192.168.11.aaa:49270 TIME_WAIT:TIME_WAIT
igb0 tcp 192.168.31.zzz:36706 (192.168.11.aaa:49270) -> 89.58.16.xxx:ssh TIME_WAIT:TIME_WAIT
... and so on etc ...
```
Maybe it would have been enough to stop killing states but as I already wanted
to thin these lists anyway...
Otherwise this settings should suffice, theoretically:
![pfBlockerNG settings of IP settings](pfsense-ip-configutation.png)

BIN
content/posts/2024/70-stalled-ssh-connections/pfsense-ip-configutation.png (Stored with Git LFS) Normal file
View file

Binary file not shown.