From: Sam Wun
To: freebsd-pf@freebsd.org
Date: Fri, 1 May 2009 18:29:05 +1000
Subject: PF rules blocking incoming traffic originated from my port 25.

Hi guys,

OS: FreeBSD 6.2.

I don't know what happened with my PF rules. I tried to send email from the webmail installed on this FreeBSD box.
From the log, it said my PF rule is blocking:

tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
971917 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 229844 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
3. 197738 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
...

My PF rules are shown below:

scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.4/29 to any
block drop in log on ! em0 inet from 1.2.3.6/29 to any
block drop in log inet from 1.2.3.4 to any
block drop in log inet from 1.2.3.6 to any
block drop in log all
block drop in log quick on em0 inet from 127.0.0.0/8 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 169.254.0.0/16 to any
block drop in log quick on em0 inet from 192.0.2.0/24 to any
block drop in log quick on em0 inet from 0.0.0.0/8 to any
block drop in log quick on em0 inet from 240.0.0.0/4 to any
block drop out log quick on em0 inet from any to 127.0.0.0/8
block drop out log quick on em0 inet from any to 192.168.0.0/16
block drop out log quick on em0 inet from any to 172.16.0.0/12
block drop out log quick on em0 inet from any to 10.0.0.0/8
block drop out log quick on em0 inet from any to 169.254.0.0/16
block drop out log quick on em0 inet from any to 192.0.2.0/24
block drop out log quick on em0 inet from any to 0.0.0.0/8
block drop out log quick on em0 inet from any to 240.0.0.0/4
block drop in log quick on em0 from to any
block drop out log quick on em0 from any to
block drop in log quick on em0 from to any
block drop out log quick on em0 from any to
pass in on em0 inet proto tcp from any to 125.255.112.202 port = ssh keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = ssh keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = domain keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = domain keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = imap keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = imap keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = smtp keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = smtp keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = https keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = https keep state
pass in on em0 inet proto udp from any to 125.255.112.202 port = domain
pass in on em0 inet proto udp from any to 125.255.112.206 port = domain
pass in on em0 inet proto tcp from any to 125.255.112.202 port = 8080 keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = 8080 keep state
pass out on em0 proto tcp all keep state
pass out on em0 proto udp all keep state
pass out on em0 inet proto udp from any to any port 33433 >< 33626 keep state

Can anybody please shed some light on this problem?

Thanks
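
Added example, not part of the original message: a small Python parser that maps the rule number in each pflog line to the posted rule listing and flags blocked inbound SYN-ACKs, which are replies to connections the host itself opened. It assumes the listing is in loaded order and that scrub rules are numbered separately from filter rules; the function and field names are illustrative.

```python
import re

# Constructed input: two of the pflog lines quoted in the message.
PFLOG = """\
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
"""
# First rules of the posted listing, in the order given.
RULESET = """\
scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.4/29 to any
block drop in log on ! em0 inet from 1.2.3.6/29 to any
block drop in log inet from 1.2.3.4 to any
block drop in log inet from 1.2.3.6 to any
block drop in log all
"""
LINE = re.compile(
    r"rule (?P<nr>\d+)/\d+\((?P<reason>\w+)\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifn>\S+): (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>\S+) (?P<rest>.*)")

def filter_rules(ruleset):
    # Assumption: scrub rules have their own numbering, so filter rule 0 is the first non-scrub line.
    rules = [r.strip() for r in ruleset.splitlines()]
    return [r for r in rules if r and not r.startswith("scrub")]

def classify(m):
    # An inbound SYN that also carries an ack is step two of a handshake started locally.
    if m["dir"] == "in" and m["flags"] == "S" and " ack " in " " + m["rest"] + " ":
        return "SYN-ACK reply, no matching state"
    return "new connection attempt" if m["flags"] == "S" else "other"

def diagnose(pflog, ruleset):
    rules = filter_rules(ruleset)
    out = []
    for line in pflog.splitlines():
        m = LINE.search(line)  # search() skips the -ttt delta timestamp prefix
        if not m:
            continue
        nr = int(m["nr"])
        out.append({"rule_nr": nr, "kind": classify(m),
                    "rule": rules[nr] if nr < len(rules) else "(not in listing)",
                    "src": (m["src"], int(m["sport"])),
                    "dst": (m["dst"], int(m["dport"]))})
    return out

if __name__ == "__main__":
    for d in diagnose(PFLOG, RULESET):
        print(d)
```

On the live host, `pfctl -vvsr` prints the `@N` number next to each loaded rule, and `pfctl -ss` lists the current state table.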