From: Max Laier
To: freebsd-pf@freebsd.org
Date: Wed, 2 Mar 2005 02:47:53 +0100
Subject: Re: Whats wrong with this ruleset?
Message-Id: <200503020248.01088.max@love2party.net>
In-Reply-To: <4224F74B.1030502@trini0.org>
References: <4224F74B.1030502@trini0.org>

On Wednesday 02 March 2005 00:14, Gerard Samuel wrote:
> For some reason, port 53 is blocked going out of the external interface ->
> 000000 rule 0/0(match): block out on ed0: IP xx.xxx.xxx.xx.53 > xx.xx.xx.xxx.4973
>
> I'm still new to pf, but shouldn't the last two lines allow anything
> going out to pass??
> Any ideas on how to fix?

Can you send the output of "$pfctl -vsr" after some packets have been blocked?
The match counters are extremely helpful when debugging such problems.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News