Date: Sun, 8 Oct 2006 16:30:23 -0700
From: "Justin Franks" <jfranks@inetassociation.com>
To: <freebsd-pf@freebsd.org>
Subject: Need a little PF help here, please...
Message-ID: <000001c6eb31$bab05140$6401a8c0@iea4grrtmmd560>
Have been using PF for over two years and recently ran into a "problem" which I am sure is something I am overlooking. So I need some direction. Here it is:

I recently enabled BIND9 on FreeBSD 6.1. I have PF running too (PF config below). If I ping yahoo.com nothing happens. However, if I comment out the PF rule "block in all" then suddenly I can ping yahoo.com.

Why will my server not resolve names (like yahoo.com) if the "block in all" statement exists? Why does that statement mess it up? What am I missing? Please help because I am totally frustrated.

Here is my pf.conf file.

    table <misc> persist file "/etc/pf-files/misc"
    table <spam> persist file "/etc/pf-files/spam"
    table <ssh> persist file "/etc/pf-files/ssh"
    table <gov> persist file "/etc/pf-files/gov"
    table <dod> persist file "/etc/pf-files/dod"
    table <fbi> persist file "/etc/pf-files/fbi"
    table <cia> persist file "/etc/pf-files/cia"
    table <china> persist file "/etc/pf-files/china"
    table <hongkong> persist file "/etc/pf-files/hongkong"
    table <taiwan> persist file "/etc/pf-files/taiwan"
    table <vietnam> persist file "/etc/pf-files/vietnam"
    table <argentina> persist file "/etc/pf-files/argentina"

    scrub in all

    block in all
    antispoof for rl0 inet

    pass in quick on rl0 proto tcp from any to rl0 port www
    pass in quick on rl0 proto udp from any to rl0 port www

    block in quick on rl0 proto tcp from <misc> to rl0 port 25
    block in quick on rl0 proto tcp from <spam> to rl0 port 25
    block in quick on rl0 from <gov> to any
    block in quick on rl0 from <dod> to any
    block in quick on rl0 from <fbi> to any
    block in quick on rl0 from <cia> to any
    block in quick on rl0 proto tcp from <china> to rl0 port 25
    block in quick on rl0 proto tcp from <hongkong> to rl0 port 25
    block in quick on rl0 proto tcp from <taiwan> to rl0 port 25
    block in quick on rl0 proto tcp from <vietnam> to rl0 port 25
    block in quick on rl0 proto tcp from <argentina> to rl0 port 25

    pass in on rl0 proto tcp from any to rl0 port 25
    pass in on rl0 proto tcp from any to rl0 port 110
    pass in on rl0 proto tcp from <ssh> to rl0 port 22
    pass in on rl0 inet proto icmp all icmp-type echoreq

    pass out keep state

-------------------
Justin
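An added illustration, not part of Justin's message or anything from the FreeBSD list: a small constructed model of how PF evaluates the ruleset above (state table first, then rules in order, last match wins unless a "quick" rule matches). Run against a resolver's UDP/53 query and its reply, it shows that nothing in this ruleset explicitly passes an inbound DNS reply on rl0; the reply gets through only when the outbound query created state under "pass out keep state", and otherwise "block in all" is the only matching rule. The addresses and the simplified matching are assumptions for the example.

```python
# Constructed model of PF rule evaluation: state table first, then rules in
# order, last match wins unless a "quick" rule matches. It follows the shape
# of the pf.conf above; it is an illustration, not PF's real packet path.
from collections import namedtuple

# iface/proto/dport of None match anything (like "any" in pf.conf)
Rule = namedtuple("Rule", "action direction quick iface proto dport keep_state",
                  defaults=(False, None, None, None, False))
# The poster's rules minus the table-driven blocks (they match listed sources only)
RULES = [
    Rule("block", "in"),
    Rule("pass", "in", True, "rl0", "tcp", 80),
    Rule("pass", "in", True, "rl0", "udp", 80),
    Rule("pass", "in", False, "rl0", "tcp", 25),
    Rule("pass", "in", False, "rl0", "tcp", 110),
    Rule("pass", "in", False, "rl0", "tcp", 22),
    Rule("pass", "out", keep_state=True),
]
def matches(r, p):
    return (r.direction == p["dir"] and r.iface in (None, p["iface"])
            and r.proto in (None, p["proto"]) and r.dport in (None, p["dport"]))
def evaluate(rules, p, states):
    # Returns (verdict, reason); a passing keep-state rule records the flow
    fwd = (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])
    rev = (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])
    if fwd in states or rev in states:
        return "pass", "state"
    winner = None
    for i, r in enumerate(rules):
        if matches(r, p):
            winner = i
            if r.quick:
                break
    if winner is None:
        return "pass", "default"   # PF passes traffic no rule matches
    if rules[winner].action == "pass" and rules[winner].keep_state:
        states.add(fwd)
    return rules[winner].action, f"rule {winner}"
# Constructed addresses for one resolver query leaving rl0 and its reply
QUERY = {"dir": "out", "iface": "rl0", "proto": "udp", "src": "192.0.2.10",
         "sport": 40000, "dst": "198.51.100.53", "dport": 53}
REPLY = {"dir": "in", "iface": "rl0", "proto": "udp", "src": "198.51.100.53",
         "sport": 53, "dst": "192.0.2.10", "dport": 40000}
def dns_reply(query_seen):
    # Fate of the reply when PF did / did not see the query and create state
    states = set()
    if query_seen:
        evaluate(RULES, QUERY, states)
    return evaluate(RULES, REPLY, states)
```

On a real box the same question is answered by `pfctl -ss` (is there a udp state for port 53?) and by adding `log` to the block rule and watching pflog0 with tcpdump.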