From: Doug Sampson
To: 'Olli Hauer'
Cc: freebsd-pf@freebsd.org
Date: Tue, 30 Oct 2007 16:32:11 -0700
Subject: RE: spamd nonfunctioning due to power outage in SD

<..snip..>

> 200.46.204.71.53512 > 127.0.0.1.25: S
> 2390205679:2390205679(0) win 65535
>
> 038980 rule 3/0(match): block in on rl0:
> 200.46.204.71.65136 > 127.0.0.1.25: S 1802046267:1802046267(0) w
> >
> > Which of the rules above does rule 3/0(match) refer to?
>
> It's easier to count the rules this way
> Nat/rdr rules:
> # pfctl -sn
> filter rules:
> # pfctl -sr => now look at the 3rd line
>
>
> @8 pass in log inet proto tcp from any to 216.70.250.4
> port = smtp flags S/SA synproxy state
>
> @9 pass out log inet proto tcp from 216.70.250.4 to any
> port = smtp flags S/SA synproxy state
>
> @10 pass in log inet proto tcp from 192.168.1.0/24 to
> 192.168.1.25 port = smtp flags S/SA synproxy state
>
> @11 block drop in log all
>
> There is no quick keyword, so please place @11 before @8
> reload the pf rules and post the output of
> 1) pfctl -sn
> 2) pfctl -sr
> 3) now take again a look with tcpdump -i pflog0
> this makes things easier to count and refer
>

Egads, so it was rule #11 that was blocking! I've modified to have #11 appear
before #8 and restarted. All appear to be functioning as previously. I don't
quite understand why the original pf.conf rules were letting the mail into
both port 25 and 8025 prior to the last reboot-- I had #11 after #8 all
along!

Thanks for your kind assistance! I've made this a supporting document for
future troubleshooting activity!

~Best
~Doug
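
The rule-ordering point in this thread, as an added example that is not part of the original messages: a simplified Python model of pf's filter evaluation (the last matching rule decides, `quick` stops evaluation) applied to rules @8-@11 as quoted above. The `Rule`/`Packet` classes, the `evaluate` function and the sample packets are constructed for illustration; interface, nat/rdr translation, TCP flags and state are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    src: Optional[str] = None    # host or CIDR; None means "any"
    dst: Optional[str] = None
    port: Optional[int] = None   # destination port; None means any port
    quick: bool = False

@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.port is None or rule.port == pkt.port

def evaluate(rules, pkt):
    """pf filter semantics: the last matching rule decides; 'quick' stops early."""
    verdict = ("pass", None)          # implicit default when nothing matches
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict = (rule.action, index)
            if rule.quick:
                break
    return verdict

# Rules @8-@11 as quoted in the thread (tcp/flags/synproxy/log not modelled).
R8 = Rule("pass", "in", dst="216.70.250.4", port=25)
R9 = Rule("pass", "out", src="216.70.250.4", port=25)
R10 = Rule("pass", "in", src="192.168.1.0/24", dst="192.168.1.25", port=25)
R11 = Rule("block", "in")
ORIGINAL = [R8, R9, R10, R11]       # block rule last
REORDERED = [R11, R8, R9, R10]      # block rule first, as suggested in the thread

# Constructed sample packets (203.0.113.7 is a documentation address).
SMTP_IN = Packet("in", "203.0.113.7", "216.70.250.4", 25)
SSH_IN = Packet("in", "203.0.113.7", "216.70.250.4", 22)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, evaluate(rules, SMTP_IN), evaluate(rules, SSH_IN))
```

In this model the index in each verdict is the position of the deciding rule in the list, which is the same counting exercise the thread does against `pfctl -sr` output.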