From owner-freebsd-pf@FreeBSD.ORG  Fri Jul  9 21:36:22 2010
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A20A9106564A
	for <freebsd-pf@freebsd.org>; Fri,  9 Jul 2010 21:36:22 +0000 (UTC)
	(envelope-from lconrad@Go2France.com)
Received: from mgw1.MEIway.com (mgw1.meiway.com [81.255.84.75])
	by mx1.freebsd.org (Postfix) with ESMTP id 6A5908FC14
	for <freebsd-pf@freebsd.org>; Fri,  9 Jul 2010 21:36:22 +0000 (UTC)
Received: from VirusGate.MEIway.com (virusgate.meiway.com [81.255.84.76])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 90678471868
	for <freebsd-pf@freebsd.org>; Fri,  9 Jul 2010 23:36:24 +0200 (CEST)
Received: from mail.Go2France.com (ms1.meiway.com [81.255.84.73])
	by VirusGate.MEIway.com (Postfix) with ESMTP id 6CD793865C0
	for <freebsd-pf@freebsd.org>; Fri,  9 Jul 2010 23:36:29 +0200 (CEST)
	(envelope-from lconrad@Go2France.com)
Date: Fri,  9 Jul 2010 23:36:39 +0200
Message-Id: <201007092336.AA320012590@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "Len Conrad" <lconrad@Go2France.com>
X-Sender: <lconrad@Go2France.com>
To: <freebsd-pf@freebsd.org>
X-Mailer: <IMail v7.07>
Subject: Subject: pf:  pass in quick to port 25 still getting blocks
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lconrad@Go2France.com
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jul 2010 21:36:22 -0000

pf doing host security

not a whole of rules, and all is working well.

an early rule is:

pass in quick on $ext_if inet proto tcp from any to $ext_if port smtp keep state

and the last rule is:

block in log on $ext_if from any to $ext_if,  which logs as: 

rule 33/0(match)

in spite of the pass in smtp, rule 33 is still blocking several 1000 SMTP accesses/day, eg:

rule 33/0(match): block in on em0: 74.120.242.172.57093 > x.x.x.x.25: . ack 50 win 46 <nop,nop,timestamp 727203637 3292309473>

 rule 33/0(match): block in on em0: 94.179.232.111.8364 > x.x.x.x.25: P 0:6(6) ack 1 win 65438


where the text after the 25: has several different formats.

How is any port 25 access not being passed by the pass smtp rule?

Len