From: Erik Norgaard
Date: Fri, 07 Dec 2007 14:20:03 +0100
To: ajtiM
Cc: freebsd-questions@freebsd.org
Subject: Re: PF firewall

ajtiM wrote:
> Hi!
>
> I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
> the internet (cable). I use both, console and KDE desktop. I tried to setup
> PF firewall for the standalone computer but I have a problem with internal
> messages (mail) which are blocked if firewall running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0),
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri
> =2552408, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Operation not
> permitted"
>
> My pf.conf looks like:
>
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
>
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You
will normally want a rule at top like this:

  pass quick on lo0 all

This will pass anything on the loopback interface be it IPv4 or IPv6.

Cheers, Erik
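
Added example, not part of the original message: a toy Python model of first-match `quick` evaluation applied to the posted rule set, showing which rule stops 127.0.0.1 traffic on lo0 and what changes once the loopback rule sits at the top. The sk0 address 192.0.2.10 is a constructed placeholder; state tracking and rule labels are not modelled.

```python
# Toy model of how pf evaluates `quick` rules: the first matching rule decides.
# Constructed for illustration; it ignores state tracking and is not pf itself.
SK0_ADDR = "192.0.2.10"  # constructed placeholder for the address on sk0

# Each rule: (action, direction, interface, address family, source, rule text).
# None means "any". Every rule below carries `quick`; labels are omitted.
ORIGINAL = [
    ("pass", "out", None, "inet", SK0_ADDR, "pass out quick inet from (sk0) to any keep state"),
    ("block", "in", None, "inet", None, "block drop in quick inet all"),
    ("block", "out", None, "inet", None, "block drop out quick inet all"),
    ("block", "in", None, "inet", None, "block drop in quick inet all"),
    ("block", "out", None, "inet", None, "block drop out quick inet all"),
]
# Same rule set with the suggested loopback rule placed at the top.
FIXED = [("pass", None, "lo0", None, None, "pass quick on lo0 all")] + ORIGINAL


def evaluate(rules, direction, iface, af, src):
    """Return (action, index, text) of the first quick rule matching the packet."""
    packet = (direction, iface, af, src)
    for index, rule in enumerate(rules):
        action, *criteria, text = rule
        # A criterion of None matches anything; otherwise it must equal the field.
        if all(want is None or want == have for want, have in zip(criteria, packet)):
            return action, index, text
    # pf passes a packet that matches no rule at all.
    return "pass", None, "(no rule matched, implicit pass)"


def loopback_report(rules):
    """Evaluate local mail traffic (127.0.0.1 on lo0) in both directions."""
    return {d: evaluate(rules, d, "lo0", "inet", "127.0.0.1") for d in ("out", "in")}


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for direction, (action, index, text) in loopback_report(rules).items():
            print(f"{name:8} lo0 {direction:3} -> {action:5} by rule {index}: {text}")
```

In the model, the first rule never matches loopback traffic because its source is not the sk0 address, so the packet falls through to the `block ... quick` rules.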