From: Mikael Nyström
Date: Sun, 06 Nov 2005 08:23:28 +0100
To: freebsd-pf@freebsd.org
Subject: pf not working when going to FBSD 6.0
Message-ID: <436DAF70.7000409@litet.se>

Hi,

I just upgraded my FreeBSD from 5.4 to 6.0. Everything works fine except for pf. Everything generated from the localhost works well, but incoming packets to my services get accepted but no answer is returned. Can anyone please give me a hint of what I don't understand?

My pf.conf looks like this:

lan_net = "192.168.1.0/24"

# scrub incoming packets
scrub in all

# setup a default deny policy
block in all
block out all

# pass traffic on the loopback interface in either direction
pass quick on lo0 all

# activate spoofing protection
antispoof quick for bfe0 inet

# pass all traffic to and from the local network
pass in on bfe0 from $lan_net to any
pass out on bfe0 from any to $lan_net

pass in log on bfe0 proto tcp from any to bfe0 port ssh flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port smtp flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port http flags S/SA synproxy state
pass in log on bfe0 proto tcp from any to bfe0 port https flags S/SA synproxy state

# pass tcp, udp, and icmp out.
# keep state on udp and icmp and modulate state on tcp.
pass out on bfe0 proto tcp all modulate state flags S/SA
pass out on bfe0 proto { udp, icmp } all keep state

Thanks,
//Micke