From: Tim T Bos
Date: Sat, 10 Feb 2007 16:48:52 +0100
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Subject: Re: Big problems with PF on freeBSD 6.2
Message-ID: <45CDE964.5070908@casema.nl>
In-Reply-To: <45CDE180.9050304@locolomo.org>

Hi Erik,

I used a GENERIC kernel as well as a custom kernel. Both have the same
behavior. I even tried a default install without any extra boot options.
On FreeBSD 5.5 I didn't have this problem. I'm going to try to log all
actions. I must do something seriously wrong.....

Thanks anyway

Erik Norgaard wrote:
> Tim T Bos wrote:
>> Hi Guys,
>>
>> I have a problem with PF. Normally when I load pf.ko it uses deny all
>> as default.
>> But if I compile it in the kernel or load it as a module both it
>> won't work.
>> If I have only one rule "block all" or "block all on ext_if" I can still
>> go on the internet and if I portscan my computer I get most ports closed
>> and some by my isp filtered ports (137 139 and some other MS ports).
>>
>> I tried a clean install of FreeBSD 6.2 with the latest stable source
>> ass well.
>
> you mean "as well" :)
>
> Do you use a GENERIC kernel? If you have a custom kernel or try to set
> special options for pf post those options. Also, post any boot options
> that toggle pf behaviour.
>
> The default behaviour of pf is "pass all", I don't remember if there
> is a boot option or similar to change this.
>
> But anyway, I think it is better to go with the default and set your
> desired default action explicitly as the first rule in your rule set.
> Try a GENERIC kernel and see if packets are blocked correctly by a
> "block log all" rule.
>
> In any case, you should add "log" to your rules for debugging, so you
> can see if ruleset is matched and where packets are blocked or passed.
>
> Cheers, Erik
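The check suggested in the quoted reply (an explicit default block as the first rule), written out as an added example that is not part of either message. It goes one step beyond the thread by also testing whether pf is enabled at all, since a loaded module filters nothing until `pfctl -e` is run or `pf_enable="YES"` is set in rc.conf. The function names and the sample `pfctl` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose why a "block all" ruleset appears to have no effect.
# The functions parse text in the format printed by `pfctl -s info` and
# `pfctl -s rules`. On a live host (as root) you would run:
#   audit "$(pfctl -s info)" "$(pfctl -s rules)"

# Succeeds only if the status line reports pf as enabled.
pf_enabled() {
    printf '%s\n' "$1" | grep -q '^Status: Enabled'
}

# Print the first filter rule; scrub and other non-filter lines are skipped.
first_filter_rule() {
    printf '%s\n' "$1" | awk '$1 == "block" || $1 == "pass" { print; exit }'
}

# Succeeds only if the first filter rule is a catch-all block.
default_block() {
    case "$(first_filter_rule "$1")" in
        block*" all") return 0 ;;
        *) return 1 ;;
    esac
}

# audit INFO RULES -> prints one verdict: disabled | no-default-block | ok
audit() {
    if ! pf_enabled "$1"; then
        echo "disabled"            # rules are loaded but nothing is filtered
    elif ! default_block "$2"; then
        echo "no-default-block"    # implicit default applies: pass all
    else
        echo "ok"
    fi
}

# Constructed sample output (not captured from a real machine).
SAMPLE_INFO_OFF='Status: Disabled                              Debug: Urgent'
SAMPLE_INFO_ON='Status: Enabled for 0 days 00:05:12           Debug: Urgent'
SAMPLE_RULES_OPEN='pass in all
block drop in log on em0 proto tcp from any to any port = 139'
SAMPLE_RULES_OK='scrub in all fragment reassemble
block drop log all
pass out on em0 all keep state'

audit "$SAMPLE_INFO_OFF" "$SAMPLE_RULES_OK"
audit "$SAMPLE_INFO_ON" "$SAMPLE_RULES_OPEN"
audit "$SAMPLE_INFO_ON" "$SAMPLE_RULES_OK"
```

With the `log` keyword on the block rule, matched packets can then be watched on the pflog0 interface with `tcpdump -n -e -ttt -i pflog0`.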