From: Sam Wun
To: freebsd-pf@freebsd.org
Date: Fri, 1 May 2009 18:33:55 +1000
Message-ID: <736c47cb0905010133l62859430u813ef04d754f7218@mail.gmail.com>
Subject: PF rules blocking incoming traffic originated from my port 25. - repost with consistent IP address

Hi guys,

OS: FreeBSD 6.2.
I don't know what happened with my PF rules. I tried to send email from the webmail installed in this FreeBSD box.
From the log, it said my PF rule is blocking:

tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
971917 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 229844 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
3. 197738 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792

...

scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log inet from 1.2.3.202 to any
block drop in log inet from 1.2.3.206 to any
block drop in log all
block drop in log quick on em0 inet from 127.0.0.0/8 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 169.254.0.0/16 to any
block drop in log quick on em0 inet from 192.0.2.0/24 to any
block drop in log quick on em0 inet from 0.0.0.0/8 to any
block drop in log quick on em0 inet from 240.0.0.0/4 to any
block drop out log quick on em0 inet from any to 127.0.0.0/8
block drop out log quick on em0 inet from any to 192.168.0.0/16
block drop out log quick on em0 inet from any to 172.16.0.0/12
block drop out log quick on em0 inet from any to 10.0.0.0/8
block drop out log quick on em0 inet from any to 169.254.0.0/16
block drop out log quick on em0 inet from any to 192.0.2.0/24
block drop out log quick on em0 inet from any to 0.0.0.0/8
block drop out log quick on em0 inet from any to 240.0.0.0/4
block drop in log quick on em0 from to any
block drop out log quick on em0 from any to
block drop in log quick on em0 from to any
block drop out log quick on em0 from any to
pass in on em0 inet proto tcp from any to 1.2.3.202 port = ssh keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = ssh keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = domain keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = domain keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = imap keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = imap keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = smtp keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = smtp keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = https keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = https keep state
pass in on em0 inet proto udp from any to 1.2.3.202 port = domain
pass in on em0 inet proto udp from any to 1.2.3.206 port = domain
pass in on em0 inet proto tcp from any to 1.2.3.202 port = 8080 keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = 8080 keep state
pass out on em0 proto tcp all keep state
pass out on em0 proto udp all keep state
pass out on em0 inet proto udp from any to any port 33433 >< 33626 keep state
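
An added example (not part of the original post, and not code from the pf project): a small Python parser that maps the "rule N" number in the pflog output above to the N-th filter rule of the posted listing and labels the blocked TCP segment. It assumes the listing is in pfctl -sr order, with filter rules counted from 0 and the scrub rule counted separately; RULES, LOG, parse and summarize are names made up for this example.

```python
import re
from collections import Counter

# Filter rules in the order the post lists them (pfctl -vvsr shows them as @0, @1, ...).
# Assumption: the scrub line is left out because scrub rules are numbered separately.
RULES = [
    "block drop in log on ! em0 inet from 1.2.3.200/29 to any",
    "block drop in log on ! em0 inet from 1.2.3.200/29 to any",
    "block drop in log inet from 1.2.3.202 to any",
    "block drop in log inet from 1.2.3.206 to any",
    "block drop in log all",
]

# First three log lines from the post (tcpdump -n -e -ttt -i pflog0).
LOG = """\
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
971917 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
"""

PFLOG = re.compile(
    r"rule (?P<nr>\d+)/\d+\((?P<reason>[^)]+)\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>\S+) (?P<rest>.*)")

def parse(line):
    """Return the pflog fields of one tcpdump line, or None if it is not a pflog record."""
    m = PFLOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["nr"] = int(rec["nr"])
    # tcpdump prints SYN as "S"; an "ack N" field beside it makes the segment a SYN-ACK.
    syn, ack = "S" in rec["flags"], " ack " in " " + rec["rest"]
    rec["kind"] = "SYN-ACK" if syn and ack else "SYN" if syn else "other"
    return rec

def summarize(log_text, rules):
    """Count blocked records per (rule number, rule text, flow, segment kind)."""
    hits = Counter()
    for rec in filter(None, map(parse, log_text.splitlines())):
        text = rules[rec["nr"]] if rec["nr"] < len(rules) else "<rule not in listing>"
        flow = f'{rec["src"]}:{rec["sport"]} > {rec["dst"]}:{rec["dport"]}'
        hits[(rec["nr"], text, flow, rec["kind"])] += 1
    return hits

if __name__ == "__main__":
    for (nr, text, flow, kind), n in summarize(LOG, RULES).items():
        print(f"rule {nr} [{text}] blocked {n}x {kind} {flow}")
```

On the posted data this reports rule 4, "block drop in log all", dropping SYN-ACK segments from 209.85.217.27 port 25 to 1.2.3.206 port 50725.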