Date: Fri, 07 Dec 2007 14:20:03 +0100
From: Erik Norgaard <norgaard@locolomo.org>
To: ajtiM <lumiwa@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: PF firewall
Message-ID: <47594883.3060304@locolomo.org>
In-Reply-To: <200712070620.37273.lumiwa@gmail.com>
References: <200712070620.37273.lumiwa@gmail.com>

ajtiM wrote:
> Hi!
>
> I am a new FreeBSD 7.0 beta3 user and I have a standalone computer connected to
> the internet (cable). I use both console and KDE desktop. I tried to set up a
> PF firewall for the standalone computer but I have a problem with internal
> messages (mail) which are blocked if the firewall is running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0),
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri
> =2552408, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Operation not
> permitted"
>
> My pf.conf looks like:
>
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
>
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You
will normally want a rule at the top like this:

  pass quick on lo0 all

This will pass anything on the loopback interface, be it IPv4 or IPv6.

Cheers, Erik
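
Added example, not part of the original message or of pf itself: a small Python model of pf's rule evaluation, showing why the posted rule set drops the loopback delivery to relay=[127.0.0.1] and how the suggested lo0 rule changes the verdict. The model is stateless and matches only on direction, interface, address family and source; the address used for (sk0) and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: Optional[str]     # "in", "out", or None for both
    quick: bool                  # stop evaluating at this rule on match
    iface: Optional[str] = None  # "on <iface>"; None matches any interface
    af: Optional[str] = None     # "inet"/"inet6"; None matches any family
    src: Optional[str] = None    # "from <addr>"; None matches any source

@dataclass
class Packet:
    direction: str
    iface: str
    af: str
    src: str

def matches(r: Rule, p: Packet) -> bool:
    return ((r.direction is None or r.direction == p.direction)
            and (r.iface is None or r.iface == p.iface)
            and (r.af is None or r.af == p.af)
            and (r.src is None or r.src == p.src))

def evaluate(rules, p):
    """Return (action, index of deciding rule); index None = implicit pass."""
    verdict = ("pass", None)      # pf passes a packet that no rule matches
    for i, r in enumerate(rules):
        if matches(r, p):
            verdict = (r.action, i)   # without quick, the last match wins
            if r.quick:
                break                 # quick: first match is final
    return verdict

SK0_ADDR = "192.0.2.10"  # constructed address standing in for (sk0)
# Rule set from the post; the repeated "RULE 10000" block pair is left out.
ORIGINAL = [
    Rule("pass", "out", True, af="inet", src=SK0_ADDR),
    Rule("block", "in", True, af="inet"),
    Rule("block", "out", True, af="inet"),
]
FIXED = [Rule("pass", None, True, iface="lo0")] + ORIGINAL  # lo0 rule first
# Constructed packets: sendmail submitting to 127.0.0.1, and WAN traffic.
LOOPBACK_OUT = Packet("out", "lo0", "inet", "127.0.0.1")
WAN_OUT = Packet("out", "sk0", "inet", SK0_ADDR)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(rules, LOOPBACK_OUT), evaluate(rules, WAN_OUT))
```

In the original rule set the loopback packet fails the "from (sk0)" match and is caught by the first "block drop out quick" rule; with the lo0 rule first, it is passed before any block rule is reached.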