From: Andrei Kolu
To: freebsd-pf@freebsd.org
Date: Wed, 15 Nov 2006 19:10:51 +0200
Subject: problems connecting samba shares
Message-Id: <200611151910.53727.antik@bsd.ee>

Hi!
I am struggling here with PF firewall and just can't connect to any samba share if PF is enabled:

set block-policy return
set loginterface rl0
scrub in all
block in log all
pass out all keep state
table persist file "/etc/blacklist"
pass inet proto icmp from any to any
antispoof for rl0
pass in on rl0 proto udp from any to (rl0) port 445 keep state
pass in on rl0 proto udp from any to (rl0) port 137 keep state
pass in on rl0 proto udp from any to (rl0) port 138 keep state
pass in on rl0 proto udp from any to (rl0) port 139 keep state
pass in on rl0 proto tcp from any to (rl0) port 22 keep state
pass in on rl0 proto tcp from any to (rl0) port 80 keep state
pass in on rl0 proto tcp from any to (rl0) port 445 keep state
pass in on rl0 proto tcp from any to (rl0) port 137 keep state
pass in on rl0 proto tcp from any to (rl0) port 138 keep state
pass in on rl0 proto tcp from any to (rl0) port 139 keep state
block on rl0 from to any

# tcpdump -n -e -ttt -i pflog0
278062 rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
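
Added example, not part of the original message: a small Python parser for the pflog line quoted above that compares the logged packet with the inbound pass rules in the posted ruleset. The names `parse_pflog`, `explain` and `PASS_IN` are hypothetical, and the UDP/TCP detection is a heuristic on tcpdump's decoded text.

```python
import re

# Constructed from the message above: the logged packet, and the
# (protocol, destination port) pairs the posted "pass in on rl0" rules allow.
PFLOG_LINE = ("278062 rule 0/0(match): block in on rl0: "
              "192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): "
              "QUERY; POSITIVE; RESPONSE; UNICAST")
PASS_IN = ({("udp", p) for p in (445, 137, 138, 139)} |
           {("tcp", p) for p in (22, 80, 445, 137, 138, 139)})

PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): (?P<action>block|pass) "
    r"(?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)")


def parse_pflog(line):
    """Split one 'tcpdump -n -e -ttt -i pflog0' line into fields (IPv4 only)."""
    m = PFLOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    # Assumption: tcpdump's decode mentions "UDP" for UDP payloads.
    rec["proto"] = "udp" if "UDP" in rec["rest"] else "tcp"
    return rec


def explain(rec):
    """Say how an inbound packet relates to the port-based pass rules."""
    if (rec["proto"], rec["dport"]) in PASS_IN:
        return "destination port is covered by a pass-in rule"
    if (rec["proto"], rec["sport"]) in PASS_IN:
        # Service port is the source: this is a reply to a local client,
        # so only a matching state entry could have let it in.
        return "reply from a service port; no pass-in rule covers the destination port"
    return "no pass-in rule covers this destination port"


if __name__ == "__main__":
    rec = parse_pflog(PFLOG_LINE)
    print(rec["action"], rec["dir"], rec["proto"], rec["sport"], "->", rec["dport"])
    print(explain(rec))
```

For the logged packet the source port is 137 and the destination port is 53259, so none of the port-based pass rules apply and only a state entry created by `pass out all keep state` could have admitted it.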