From: "Preston Hagar"
To: "Alaor Barroso de Carvalho Neto"
Cc: freebsd-questions@freebsd.org
Date: Fri, 7 Mar 2008 13:37:11 -0600
Subject: Re: Please help me with my PF config

On Thu, Mar 6, 2008 at 12:02 PM, Alaor Barroso de Carvalho Neto wrote:
> 2008/3/6, Erik Norgaard <norgaard@locolomo.org>:
> I know my config is far away from a good config but it's the first time I
> configure a firewall, and I have only basic English knowledge, I'm not
> totally sure about what I can and I can not do, even since I read the tutorials,
> because my English skills aren't good enough. The "IN" and "OUT" stuff is
> very confusing for me yet.
>
> But thanks a lot, it's working now.
>
> Hugs,
> Alaor Neto

It looks like you already have your problem solved. One utility you might want to look at is pftop. With it, you can see pretty much in real time what is going through pf and what is being blocked. This has helped me a lot to find out which rule is blocking something I need to let through.

If you run pftop, then hit the right arrow key, it will have the rule that is being applied for a given connection on the far right-hand side. If you hit SHIFT+S it will order the connections by source IP to help you find what you are looking for. Once you have the rule number that is blocking the connection you need to let through, hit the right arrow 4 more times to see the list of rules and their corresponding numbers.

It may or may not be of much use to you, but I have found pftop to be indispensable when setting up pf firewalls.

Preston