From owner-freebsd-pf@FreeBSD.ORG Sat Mar 11 01:55:19 2006
From: "Jacob, Raymond A Jr" <raymond.jacob@navy.mil>
To: freebsd-pf@freebsd.org
Date: Fri, 10 Mar 2006 18:12:38 -0500
Message-ID: <653C8E7D21FB654997909E77C691053F446ADB@NAEAWNYDEX21VA.nadsusea.nads.navy.mil>
Subject: Two(2) questions regarding quick and adding rules later.
O/S FreeBSD 6.0

All traffic blocked unless I use quick.

tcpdump -n -e -ttt -r /var/log/pflog

showed traffic was blocked by the last rule unless I added quick to pass rules.
I thought the matching rules would have overridden the block rule?

One more question:
bundle0 is composed of two(2) interfaces bonded together.
Is there a way to bring up the firewall when all the physical interfaces are up and then, once the bundle0 interface is up, add:

public_if = "bundle0"
pass in quick on $public_if all

to the rules in memory?

I have the following working (obfuscated) pf.conf in my /usr/home/bigdaddy directory

=====pf.conf====
dns_servers = "{ X , Y , Z }"
mngmt_if= "myi0"
mngmt_net= "xx.yy.zz.0/24"
public_if = "bundle0"
ids = "A"
port3 = "4444"
allowed_ports = "{" "port1, port2," $port3 "}"

set loginterface $mngmt_if

pass in quick on $public_if all
pass in log-all quick on $mngmt_if proto tcp from $mngmt_net to $ids port $allowed_ports keep state
pass out log-all quick on $mngmt_if proto {tcp,udp} from $ids to $dns_servers port 53 keep state
pass in log-all quick on $mngmt_if proto icmp from $mngmt_net to $ids icmp-type 8 code 0 keep state
pass out log-all quick on $mngmt_if proto icmp from $ids to any icmp-type 8 code 0 keep state
pass out log-all quick on $mngmt_if proto { tcp, udp } all keep state
block in log-all on $mngmt_if all
block out log-all on $mngmt_if all
============

kldload shows pf.ko loaded

When I boot, my rc.conf file has
pf_enable="YES"
pf_flags="-d"
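A common way to address both questions, as an added example rather than the poster's configuration: pf evaluates every rule and the last matching rule wins, so the block goes first and the pass rules follow it without needing quick; an anchor reserves a slot into which the bundle0 rules can be loaded with pfctl once the interface exists. The macro values and ports are placeholders, and the example generalizes the poster's block to a default deny on all interfaces rather than only $mngmt_if.

```pf
# Added example, not the poster's pf.conf. Macro values are placeholders.
mngmt_if      = "myi0"
mngmt_net     = "xx.yy.zz.0/24"
ids           = "A"
dns_servers   = "{ X, Y, Z }"
allowed_ports = "{ 22, 4444 }"    # constructed example ports

set loginterface $mngmt_if
set skip on lo0                   # never filter loopback under a default deny

# Default deny FIRST. pf keeps evaluating after a match and the LAST
# matching rule decides, so a trailing "block" silently overrides every
# earlier "pass" that lacks "quick". Putting the block at the top means the
# later pass rules win for the traffic they match and quick is unnecessary.
block in  log all
block out log all

# Management-side rules; each matches later than the block, so it wins.
pass in  on $mngmt_if proto tcp from $mngmt_net to $ids port $allowed_ports keep state
pass out on $mngmt_if proto { tcp, udp } from $ids to $dns_servers port 53 keep state
pass in  on $mngmt_if inet proto icmp from $mngmt_net to $ids icmp-type 8 code 0 keep state
pass out on $mngmt_if inet proto icmp from $ids to any icmp-type 8 code 0 keep state
pass out on $mngmt_if proto { tcp, udp } all keep state

# Second question: rules for the bonded interface are added after boot.
# The anchor is empty (matches nothing) until something is loaded into it,
# e.g. once bundle0 is up:
#   pfctl -a bundle0 -f /etc/pf.bundle0.conf
# where /etc/pf.bundle0.conf contains, for example:
#   pass in on bundle0 all
# Because the anchor sits after the block rules, a pass loaded into it
# overrides the default deny for bundle0 traffic.
anchor "bundle0"
```

Reloading the main ruleset with pfctl -f /etc/pf.conf keeps the anchor in place, so the bundle0 rules only need to be loaded again if the anchor itself is flushed.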