From owner-freebsd-pf@freebsd.org  Wed May 27 19:23:21 2020
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A5B42CCE2B
 for <freebsd-pf@mailman.nyi.freebsd.org>; Wed, 27 May 2020 19:23:21 +0000 (UTC)
 (envelope-from dmickunas1954@fastmail.com)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
 [66.111.4.29])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49XLMr5bktz40PS
 for <freebsd-pf@freebsd.org>; Wed, 27 May 2020 19:23:20 +0000 (UTC)
 (envelope-from dmickunas1954@fastmail.com)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id CC99D5C012E
 for <freebsd-pf@freebsd.org>; Wed, 27 May 2020 15:14:57 -0400 (EDT)
Received: from imap4 ([10.202.2.54])
 by compute3.internal (MEProxy); Wed, 27 May 2020 15:14:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 mime-version:message-id:date:from:to:subject:content-type; s=
 fm3; bh=lP0pWMYRuSQUtAZcNJkGXCPaW5E0sZLvdvBQ/fGPDPo=; b=l9/42UMM
 +hWiTUL5WsbM4KeDl1Ls9KPvkXOX9GMWIi8l2fr2FXl1YygsL2JQ2Hf12tUJEK83
 m3ucGCN1aI4/z4PBMeBcRmr6wmYStJem6CygJNV14yC0+uLIYrCd81Hjt1Z/K7HJ
 edcWE/kQbuWDFOlebmxIAEkYkzj/I8c+Py4aYxdhOZxrClF2lfl8IFgAe1Tp4nSZ
 o18AJ/jwYO7CY0u41FExlJzfC2qjrCu2JCmDHig5+vlcbJYY5/HUqNzlHlWe/OaL
 Ue2ZVPInvbSwoLrgGXlxf506K5FbTM9vaSPidMD42LirRGRk30teJdDQHb7K5NQ9
 XVKjGtGT0TMn3g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm2; bh=lP0pWMYRuSQUtAZcNJkGXCPaW5E0s
 ZLvdvBQ/fGPDPo=; b=aV9OI8z7K4i23L52yZxkckr661bhLsnAN+o3viqW05zWJ
 3mmARgLTr6Bc7VUTn16X1LyYlSalg+iiLIWZ4n2JE8z1f86TWEvJSALtdB2hzhEM
 XAh3e1tUgcnby49U6rlvVPbeq1rnNu+94+Ga19ohOUX/Tyni8mlk2RCYVn4x0dvu
 Ta5pv57MVBKNlbQNuC6eA6RAsrvu3smAIz+yJwkM6M1jWPIGet4O3ynzudmaDxZK
 fkSHTB02RIyeOCxV/I1HbGY/u4N/oz9ons3MmQGAYrnsBSjnWoiySjw+ELsEmhKT
 bSAi8zAKJrikI2xIfD6B0HXEV2M8KfyxZrUYVd73A==
X-ME-Sender: <xms:MbzOXhkegMoNJJQa1uZG5S5lrhWekanqV0LdQDQRhbUdL4T2thwQsA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedruddvgedguddvvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesrgdtre
 erreertdenucfhrhhomhepfdffohhnrghlugcuofhitghkuhhnrghsfdcuoegumhhitghk
 uhhnrghsudelheegsehfrghsthhmrghilhdrtghomheqnecuggftrfgrthhtvghrnhepue
 ffueegveevvdevkeetkedtjeduhfffgfehffduveduleekffeggedtgeekvdegnecuvehl
 uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepughmihgtkhhunh
 grshduleehgeesfhgrshhtmhgrihhlrdgtohhm
X-ME-Proxy: <xmx:MbzOXs1imQhoU-k1FeCU7hvllbRQO7kPWX2zpNjtVSkDg4n3gZY_fg>
 <xmx:MbzOXnqXb0qiPMw8dEO9ZGNBR8rhaSQeITeLldP74boQ4yRleaU-vw>
 <xmx:MbzOXhmH9qg-1FJTz8CLZqHmGDe_OA_xtF-wH1WIYeq7dQp2nIX3Ow>
 <xmx:MbzOXm3q-ZaR0OxGV_vln4rKQmhyooKdtfBl400NVeMXCUEbduc_aQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
 id 85DEC3C00A1; Wed, 27 May 2020 15:14:57 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-488-g9249dd4-fm-20200522.001-g9249dd48
Mime-Version: 1.0
Message-Id: <804eeda4-03ed-4ec8-8755-3130e06382d8@www.fastmail.com>
Date: Wed, 27 May 2020 15:14:10 -0400
From: "Donald Mickunas" <dmickunas1954@fastmail.com>
To: freebsd-pf@freebsd.org
Subject: pkg slow down a lot with simple firewall.
X-Rspamd-Queue-Id: 49XLMr5bktz40PS
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=fastmail.com header.s=fm3 header.b=l9/42UMM;
 dkim=pass header.d=messagingengine.com header.s=fm2 header.b=aV9OI8z7;
 dmarc=pass (policy=none) header.from=fastmail.com;
 spf=pass (mx1.freebsd.org: domain of dmickunas1954@fastmail.com designates
 66.111.4.29 as permitted sender) smtp.mailfrom=dmickunas1954@fastmail.com
X-Spamd-Result: default: False [-2.60 / 15.00]; XM_UA_NO_VERSION(0.01)[];
 RWL_MAILSPIKE_GOOD(0.00)[66.111.4.29:from];
 FREEMAIL_FROM(0.00)[fastmail.com]; MV_CASE(0.50)[];
 TO_DN_NONE(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.29];
 RCVD_COUNT_THREE(0.00)[4];
 DKIM_TRACE(0.00)[fastmail.com:+,messagingengine.com:+];
 DMARC_POLICY_ALLOW(-0.50)[fastmail.com,none];
 NEURAL_HAM_SHORT(-0.49)[-0.492]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[fastmail.com];
 ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US];
 RCVD_TLS_LAST(0.00)[];
 RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.29:from]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.03)[-1.035];
 R_DKIM_ALLOW(-0.20)[fastmail.com:s=fm3,messagingengine.com:s=fm2];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 NEURAL_HAM_LONG(-0.99)[-0.986];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; MID_RHS_WWW(0.50)[]
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 19:23:21 -0000

Hi all,

I am new to firewalls and trying to learn. I am attempting to set up a pf firewall on FreeBSD 12.1-RELEASE-p5. This is a home computer for personal use and is not part of a server network. "pkg update" will take a minute or more to complete a verification that it is up to date with the firewall on vs. seconds when the firewall is off. I can find no reason for this. I have done a variety of searches online plus in the various forums with zero results. Any ideas?

This is a simple firewall.
Here is my set up:

*/etc/pf.conf*

set skip on lo0
block all
pass in proto tcp to port { 22 }
pass out proto { tcp udp } to port { 22 53 80 123 443 }
pass out inet proto icmp icmp-type { echoreq }


*/etc/rc.conf*

clear_tmp_enable="YES"
sendmail_enable="NONE"
hostname="donsoptiplex"
keymap="us.kbd"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
dbus_enable="YES"
hald_enable="YES"
autofs_enable="YES"
kld_list="/boot/modules/i915kms.ko"
sound_load="YES"
snda_hda_load="YES"
sddm_enable="NO"
cupsd_enable="YES"
devfs_system_ruleset="system"
pf_enable="YES"
pflog_enable="YES"

Thanks!!