From owner-freebsd-questions@FreeBSD.ORG  Thu Jun  9 00:31:49 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 67D2E16A41C
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Jun 2005 00:31:49 +0000 (GMT)
	(envelope-from sineathj1@citadel.edu)
Received: from imf22aec.mail.bellsouth.net (imf22aec.mail.bellsouth.net
	[205.152.59.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB97B43D49
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Jun 2005 00:31:48 +0000 (GMT)
	(envelope-from sineathj1@citadel.edu)
Received: from ibm67aec.bellsouth.net ([65.0.232.44])
	by imf22aec.mail.bellsouth.net with ESMTP id
	<20050609003148.RCZ16779.imf22aec.mail.bellsouth.net@ibm67aec.bellsouth.net>
	for <freebsd-questions@freebsd.org>; Wed, 8 Jun 2005 20:31:48 -0400
Received: from GARUDA ([65.0.232.44]) by ibm67aec.bellsouth.net with SMTP
	id <20050609003147.CQTT11273.ibm67aec.bellsouth.net@GARUDA>
	for <freebsd-questions@freebsd.org>; Wed, 8 Jun 2005 20:31:47 -0400
Message-ID: <004301c56c8a$686010a0$0463a8c0@GARUDA>
From: "James Bowman Sineath, III" <sineathj1@citadel.edu>
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
References: <NHBBKEEMKJDINKDJBJHGCECGJCAD.john@day-light.com>
Date: Wed, 8 Jun 2005 20:30:15 -0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Subject: ipf blocking pass rule
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2005 00:31:49 -0000

I have the following rule in my ipf.rules:

pass in log first quick on xl0 proto tcp from any to any port = 25 keep 
state

for some reason it will pass the first connection but block the next. A log 
is below. Any ideas on why this is happening would be much appreciated.

Jun  8 16:11:38 fenrir ipmon[202]: 16:11:34.521157 xl0 @0:6 p 
imf17aec.mail.bellsouth.net[205.152.59.65],35968 -> 
10.0.10.20[65.0.232.44],smtp PR tcp len 20 48 -S 2159541450 0 25416 K-S IN
Jun  8 16:16:42 fenrir ipmon[202]: 16:16:41.852047 xl0 @0:6 b 
imf17aec.mail.bellsouth.net[205.152.59.65],35968 -> 
10.0.10.20[65.0.232.44],smtp PR tcp len 20 40 -AR 2159543277 3340325284 0 
K-S IN