From: Jason Hellenthal
To: Damien Fleuriot
Cc: freebsd-pf@freebsd.org
Date: Wed, 15 Feb 2012 10:29:28 -0500
Subject: Re: Differences in PF between FBSD 8.2 & 9.0?
Message-ID: <20120215152928.GA23782@DataIX.net>
In-Reply-To: <4F3B76DB.1040301@my.gd>

On Wed, Feb 15, 2012 at 10:11:55AM +0100, Damien Fleuriot wrote:
> On 2/15/12 2:22 AM, Doug Sampson wrote:
> > I got bitten by PF when upgrading from 8.2 to 9.0. It refused to allow
> > any incoming mail. I'm using spamd in conjunction with pf. I use a
> > combination of natting along with redirections in conjunction with the
> > normal pass/block rules.
> >
>
> Toggle logging on both your default drop rule and your allow mail ones.
>
> Then tcpdump -nei pflog0 ip and port 465 (or 25, whichever)
> See what rule number matches your packets, then find out what rule that
> is with pfctl -vvvsr
>

pftop may be of use to you here as well. Fire it up and hit the number 6
to watch for which rules are getting more hits than others.
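
The procedure from the thread above (log the rules, watch pflog0, map the rule number back with pfctl), as an added example that is not part of the original messages: a sh script that tallies which rule numbers match in `tcpdump -nei pflog0` output and looks each one up in `pfctl -vvsr` output. Both sample inputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nei pflog0 port 25` output (not from a real host).
# Some tcpdump builds print the rule as N..M/0(match); the parser accepts both forms.
PFLOG_SAMPLE='10:29:01.000001 rule 0/0(match): block in on em0: 192.0.2.10.51234 > 198.51.100.5.25: Flags [S], length 0
10:29:02.000002 rule 0/0(match): block in on em0: 192.0.2.11.40022 > 198.51.100.5.25: Flags [S], length 0
10:29:03.000003 rule 4/0(match): pass in on em0: 192.0.2.12.40100 > 198.51.100.5.25: Flags [S], length 0
10:29:04.000004 rule 0..16777216/0(match): block in on em0: 192.0.2.13.40101 > 198.51.100.5.25: Flags [S], length 0'

# Constructed sample of `pfctl -vvsr` output: each rule is prefixed with @<number>.
RULES_SAMPLE='@0 block drop in log all
  [ Evaluations: 120       Packets: 3         Bytes: 180         States: 0     ]
@4 pass in log on em0 proto tcp from any to any port = smtp flags S/SA keep state
  [ Evaluations: 40        Packets: 1         Bytes: 60          States: 1     ]'

# Read pflog lines on stdin; print "count rule action", busiest rule first.
tally_rules() {
    awk '{
        for (i = 1; i < NF; i++) if ($i == "rule") {
            n = $(i + 1)
            sub(/[^0-9].*/, "", n)      # "0/0(match):" or "0..16777216/0(match):" -> "0"
            hits[n " " $(i + 2)]++      # key is "<rule number> <block|pass>"
            break
        }
    } END { for (k in hits) print hits[k], k }' | sort -rn
}

# Read `pfctl -vvsr` output on stdin; print the text of rule number $1.
lookup_rule() {
    awk -v want="@$1" '$1 == want { sub(/^@[0-9]+ /, ""); print; exit }'
}

# $1 = pflog text, $2 = ruleset text; one line per matching rule with its hit count.
report() {
    printf '%s\n' "$1" | tally_rules | while read -r count num action; do
        rule=$(printf '%s\n' "$2" | lookup_rule "$num")
        printf '%s hits  @%s (%s): %s\n' "$count" "$num" "$action" "$rule"
    done
}

report "$PFLOG_SAMPLE" "$RULES_SAMPLE"
```

On a live host, pass the output of `tcpdump -nei pflog0 -c 200 port 25` and `pfctl -vvsr` to `report` in place of the samples. The lookup assumes the logged rule sits in the main ruleset rather than inside an anchor.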