From owner-freebsd-questions@FreeBSD.ORG  Wed Feb 15 15:23:49 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@FreeBSD.org
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C51A216A420
	for <freebsd-questions@FreeBSD.org>;
	Wed, 15 Feb 2006 15:23:49 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D46D43D45
	for <freebsd-questions@FreeBSD.org>;
	Wed, 15 Feb 2006 15:23:48 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.ATOSORIGIN.ES [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id DC7D62E041;
	Wed, 15 Feb 2006 16:23:51 +0100 (CET)
Message-ID: <43F34782.60300@locolomo.org>
Date: Wed, 15 Feb 2006 16:23:46 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: Maxim Vetrov <muxas@mail.ru>
References: <MIEPLLIBMLEEABPDBIEGGEDJHNAA.fbsd_user@a1poweruser.com>
	<43F3B343.5070802@mail.ru>
In-Reply-To: <43F3B343.5070802@mail.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: fbsd_user@a1poweruser.com, freebsd-questions@FreeBSD.org, chris@i13i.com
Subject: Re: IPFILTER rule error
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2006 15:23:49 -0000

Maxim Vetrov wrote:
> ################################################################################
> #              Internal interface #1 - rl0 (10.0.1.0/29)                       #
> ################################################################################
> 
> #%%%%%%%%%%%%%%%%% Block-and-log everything that is not allowed explicitly %%%%%
> block in log on rl0 all head 20
> block out log on rl0 all head 25
> #%%%%%%%%%%%%%%%%% Allow Sun RPC incoming calls %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> pass in quick on rl0 \
>   proto tcp/udp from any to any port = sunrpc keep state group 20
> pass in quick on rl0 \
>   proto tcp/udp from any to any port = 717 keep state group 20
> # the next line raise the error when uncommented
> #pass out quick on rl0 \
> #  proto udp from any to any port = 111 keep state group 20

I think someone else already pointed at this: You try to add a rule for 
outbound traffic to the inbound group in the offending line. Try correct 
to group 25.

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9