From owner-freebsd-questions@FreeBSD.ORG  Fri Dec 13 12:58:20 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A220C1EB;
 Fri, 13 Dec 2013 12:58:20 +0000 (UTC)
Received: from 1und1.siccegge.de (unknown [IPv6:2a01:198:200:500::2])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5A7A6153B;
 Fri, 13 Dec 2013 12:58:20 +0000 (UTC)
Received: from cl-3369.cgn-01.de.sixxs.net ([2001:4dd0:ff00:d28::2]
 helo=mitoraj)
 by 1und1.siccegge.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
 (Exim 4.80) (envelope-from <christoph@christoph-egger.org>)
 id 1VrSJl-0005p1-TL; Fri, 13 Dec 2013 13:58:10 +0100
From: Christoph Egger <christoph@sieglitzhof.net>
To: Mark Felder <feld@FreeBSD.org>
Organization: Privat
References: <87wqjgfzz1.fsf@anonymous.siccegge.de>
 <1386683723.5062.57813365.47243466@webmail.messagingengine.com>
Date: Fri, 13 Dec 2013 13:57:58 +0100
In-Reply-To: <1386683723.5062.57813365.47243466@webmail.messagingengine.com>
 (sfid-20131210_145539_215478_87C3875C) (Mark Felder's message of "Tue, 10
 Dec 2013 07:55:23 -0600")
Message-ID: <87r49gzz55.fsf@mitoraj.siccegge.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/kfreebsd)
MIME-Version: 1.0
Content-Type: text/plain
X-SA-Exim-Connect-IP: 2001:4dd0:ff00:d28::2
X-SA-Exim-Mail-From: christoph@christoph-egger.org
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on 1und1.siccegge.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=ham version=3.3.2
Subject: Re: pf blocking too much
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on 1und1.siccegge.de)
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2013 12:58:20 -0000

Hi!

Mark Felder <feld@FreeBSD.org> writes:
> from my old bsd firewall config (now running a juniper, otherwise i'd
> still be using this):
>
> # Allow proto 41 for ipv6 tunnel
> pass in quick on egress inet proto 41 all

  doesn't help (and there's no default drop rule so shouldn't be needed,
right?)

  Christoph