I'm having an issues loading https websites (google, facebook, amazon) through my PHP scripts using functions like fsockopen, file_get_contents. Operation is being timed out. So I started looking through my system settings and noticed that when ipfw service is being stopped, it works like a charm.
So this is an issue definately related to my IPFW configuration. I have enabled logging and this pops out in the log file while trying to execute the PHP script:
ipfw: 1000 Deny ICMPv6:1.3 [2001:...:...:...::] [2001:...:2:...::] in via em0
ipfw: 1000 Deny ICMPv6:131.0 [...::...:...:...:...] [...::1:...:0] in via em0
ipfw: 1000 Deny ICMPv6:136.0 [2001:...:...:...:ff:ff:ff:ff] [...:...:2:...::] in via em0
Looks like an issue with the IPv6, though, I do allow all keep state-kind connections in my ipfw file.
Here is the configuration I'm currently using:
#!/usr/local/bin/bash
IPF="/sbin/ipfw -q add"
/sbin/ipfw -q -f flush
$IPF 10 allow all from any to any via lo0
$IPF 11 deny all from any to 127.0.0.0/8
$IPF 12 deny all from 127.0.0.0/8 to any
$IPF 13 deny tcp from any to any frag
$IPF 250 check-state
$IPF 260 allow tcp from any to any established
$IPF 270 allow all from any to any out keep-state
$IPF 280 allow icmp from any to any
$IPF 290 allow log tcp from 127.0.0.1/32 to 127.0.0.1/32 3306 in
$IPF 350 allow udp from any to any 53 in
$IPF 351 allow tcp from any to any 53 out
$IPF 352 allow tcp from any to any 80 in
$IPF 353 allow tcp from any to any 80 out
$IPF 361 allow tcp from any to any 443 in
$IPF 362 allow tcp from any to any 443 out
$IPF 363 allow tcp from any to any 22 in
$IPF 364 allow tcp from any to any 22 out
$IPF 1000 deny log all from any to any
Also: I started having this problem after upgrading to FreeBSD 10.3 (9.2 earlier).
What is the problem?
