Date: Tue, 24 Mar 2009 10:00:10 -0700
From: "Michael K. Smith - Adhost"
To: "Eric Magutu"
Cc: freebsd-questions@freebsd.org
Subject: RE: first firewall with pf

I also forgot to mention:

You should probably log your block rule so that you can see what's going on if things don't work as expected. So:

block in log on $ext_if

Note the lack of "quick" as well, as previously mentioned.

With logging enabled, provided you have pflog running (which you should), you can use the following to see what's being blocked.

tcpdump -n -e -ttt -i pflog0

(provided pflog0 is your pflog interface).

Regards,

Mike
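Added example, not part of the original message: a Python script that tallies the "block" lines printed by the tcpdump command above, grouped by interface, direction, source address and destination port. The line layout assumed by the regex, the interface name em0 and the sample lines are constructed for illustration; tcpdump versions differ in how they print the pflog header.

```python
import re
import sys
from collections import Counter

# Assumed layout of `tcpdump -n -e -ttt -i pflog0` lines; tcpdump versions
# differ, so adjust the pattern to what your system actually prints.
PFLOG_RE = re.compile(
    r"rule (?P<rule>[^/\s]+)/\S*:? "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^\s:]+): "
    r"(?:IP6? )?(?P<src>\S+) > (?P<dst>\S+?):(?:\s|$)"
)


def split_host_port(endpoint):
    """Split tcpdump's addr.port form; returns (host, None) when no port."""
    host, dot, port = endpoint.rpartition(".")
    if ":" in endpoint:
        has_port = bool(dot)                 # IPv6: a dot only precedes the port
    else:
        has_port = endpoint.count(".") == 4  # IPv4 printed as a.b.c.d.port
    return (host, port) if has_port else (endpoint, None)


def summarize_blocks(lines):
    """Count logged 'block' packets per (iface, direction, source, dst port)."""
    counts = Counter()
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m or m["action"] != "block":
            continue  # skip pass rules and lines that are not pflog headers
        src, _ = split_host_port(m["src"])
        _, dport = split_host_port(m["dst"])
        counts[(m["iface"], m["dir"], src, dport)] += 1
    return counts


# Constructed sample lines using documentation address ranges.
SAMPLE = """\
00:00:00.000000 rule 0/0(match): block in on em0: 203.0.113.7.51234 > 198.51.100.5.22: Flags [S], seq 1, win 65535, length 0
00:00:00.412001 rule 0/0(match): block in on em0: 203.0.113.7.51235 > 198.51.100.5.22: Flags [S], seq 9, win 65535, length 0
00:00:01.120450 rule 0/0(match): block in on em0: 192.0.2.44.40000 > 198.51.100.5.3389: Flags [S], seq 4, win 1024, length 0
00:00:02.000310 rule 0/0(match): block in on em0: 192.0.2.44 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
00:00:02.500000 rule 2/0(match): pass in on em0: 192.0.2.9.50000 > 198.51.100.5.80: Flags [S], seq 7, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin  # piped input wins
    for (iface, direction, src, dport), n in summarize_blocks(source).most_common():
        print(f"{n:5d}  {iface} {direction}  {src} -> port {dport or '-'}")
```

Run it with no input to see the sample summary, or pipe a bounded capture into it (tcpdump's -c option stops after a given number of packets).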