Date:      Mon, 9 Oct 2006 07:46:52 +0100
From:      "Greg Hennessy" <Greg.Hennessy@nviz.net>
To:        <freebsd-pf@freebsd.org>
Subject:   RE: Need a little PF help here, please...
Message-ID:  <000301c6eb6e$b49aeda0$0201a8c0@vaio>
In-Reply-To: <000001c6eb31$bab05140$6401a8c0@iea4grrtmmd560>

> However, if I comment out the PF rule "block in all" then suddenly I can
> ping yahoo.com. Why will my server not resolve names (like yahoo.com) if
> the "block in all" statement exists? Why does that statement mess it up?
> What am I missing? Please help because I am totally frustrated.
>
> block in all

The default block rule should always have logging enabled, no exceptions. 

It should be 

	block log all

The pf logs would have told you straight away what was being dropped and
why. 


On a side note,

The default block rule should match both ingress and egress traffic.
A system cannot be deemed secure if it implicitly allows egress traffic to
flow.



Greg
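One way to apply both points in the reply above, as an added example that is not part of Greg's message or the original poster's ruleset; the interface name and resolver addresses are assumptions, and the explicit "keep state" is what lets the DNS and ICMP replies back in past a default-deny:

```pf
# Added example (not from the thread): minimal default-deny pf.conf that
# follows the advice above: one catch-all that blocks both directions and logs.
# Interface name and resolver addresses are assumptions; adjust for your host.
ext_if    = "fxp0"                         # assumed external interface
resolvers = "{ 192.0.2.53, 192.0.2.54 }"   # assumed DNS servers (documentation range)

set skip on lo0

# Default-deny, ingress and egress, logged: every drop is visible on pflog0.
block log all

# Explicitly permit outbound DNS and ICMP echo. "keep state" admits the
# replies, which a bare "block in all" with stateless pass-out rules drops.
pass out quick on $ext_if proto udp from ($ext_if) to $resolvers port domain keep state
pass out quick on $ext_if proto tcp from ($ext_if) to $resolvers port domain flags S/SA keep state
pass out quick on $ext_if inet proto icmp from ($ext_if) icmp-type echoreq keep state

# Anything else, in either direction, still hits "block log all".
```

Dropped packets can then be watched with `tcpdump -n -e -ttt -i pflog0`, which shows the rule number and direction for each block and would have pointed straight at the unanswered DNS replies.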