From owner-freebsd-pf@FreeBSD.ORG  Sun Oct  8 23:37:14 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C3E1816A40F
	for <freebsd-pf@freebsd.org>; Sun,  8 Oct 2006 23:37:14 +0000 (UTC)
	(envelope-from kian.mohageri@gmail.com)
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.182])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 460AA43D53
	for <freebsd-pf@freebsd.org>; Sun,  8 Oct 2006 23:37:14 +0000 (GMT)
	(envelope-from kian.mohageri@gmail.com)
Received: by py-out-1112.google.com with SMTP id o67so1954060pye
	for <freebsd-pf@freebsd.org>; Sun, 08 Oct 2006 16:37:11 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references;
	b=i7WbsFQUqqsoTeMGi9bCLqSfCY+Mr/APRSDMwSWO70tz43pMSIaLDuWkUZQw+ZY4HTuDIcjb1U8L9MZDdonLDbVMngyQBQOrL4l/Qm9Nwf+8nilAhftRf6Zo7/kG3t4OfGka9svJ37aIv51lu64qOZC8I967rU8i1sY3u3BZn+E=
Received: by 10.65.20.11 with SMTP id x11mr2245044qbi;
	Sun, 08 Oct 2006 16:37:10 -0700 (PDT)
Received: by 10.65.220.10 with HTTP; Sun, 8 Oct 2006 16:37:10 -0700 (PDT)
Message-ID: <fee88ee40610081637i365b8eb8qb4827c01300040d9@mail.gmail.com>
Date: Sun, 8 Oct 2006 16:37:10 -0700
From: "Kian Mohageri" <kian.mohageri@gmail.com>
To: "Justin Franks" <jfranks@inetassociation.com>
In-Reply-To: <000001c6eb31$bab05140$6401a8c0@iea4grrtmmd560>
MIME-Version: 1.0
References: <000001c6eb31$bab05140$6401a8c0@iea4grrtmmd560>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-pf@freebsd.org
Subject: Re: Need a little PF help here, please...
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Oct 2006 23:37:14 -0000

On 10/8/06, Justin Franks <jfranks@inetassociation.com> wrote:
>
> Have been using PF for over two years and recently ran into "problem"
> which I am sure is something I am overlooking. So I need some direction.
> Here it is: I recently enabled BIND9 on FreeBSD 6.1. I have PF running
> too (PF config below). If I ping yahoo.com nothing happens. However, if
> I comment out the PF rule "block in all" then suddenly I can ping
> yahoo.com. Why will my server not resolve names (like yahoo.com) if the
> "block in all" statement exists? Why does that statement mess it up?
> What am I missing? Please help because I am totally frustrated.
>
>
add 'set skip on lo' before scrub, so you can pass traffic on the loopback
interface (which many things use).

Also, might want to space out your pf.conf a little differently so it has
some distinct sections.