Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 8 Oct 2006 16:30:23 -0700
From:      "Justin Franks" <jfranks@inetassociation.com>
To:        <freebsd-pf@freebsd.org>
Subject:   Need a little PF help here, please...
Message-ID:  <000001c6eb31$bab05140$6401a8c0@iea4grrtmmd560>

Next in thread | Raw E-Mail | Index | Archive | Help
Have been using PF for over two years and recently ran into "problem"
which I am sure is something I am overlooking. So I need some direction.
Here it is: I recently enabled BIND9 on FreeBSD 6.1. I have PF running
too (PF config below). If I ping yahoo.com nothing happens. However, if
I comment out the PF rule "block in all" then suddenly I can ping
yahoo.com. Why will my server not resolve names (like yahoo.com) if the
"block in all" statement exists? Why does that statement mess it up?
What am I missing? Please help because I am totally frustrated.

 

 

Here is my pf.conf file.

 

table <misc> persist file "/etc/pf-files/misc"

table <spam> persist file "/etc/pf-files/spam"

table <ssh> persist file "/etc/pf-files/ssh"

table <gov> persist file "/etc/pf-files/gov"

table <dod> persist file "/etc/pf-files/dod"

table <fbi> persist file "/etc/pf-files/fbi"

table <cia> persist file "/etc/pf-files/cia"

table <china> persist file "/etc/pf-files/china"

table <hongkong> persist file "/etc/pf-files/hongkong"

table <taiwan> persist file "/etc/pf-files/taiwan"

table <vietnam> persist file "/etc/pf-files/vietnam"

table <argentina> persist file "/etc/pf-files/argentina"

scrub in all

block in all

antispoof for rl0 inet

pass in quick on rl0 proto tcp from any to rl0 port www

pass in quick on rl0 proto udp from any to rl0 port www

block in quick on rl0 proto tcp from <misc> to rl0 port 25

block in quick on rl0 proto tcp from <spam> to rl0 port 25

block in quick on rl0 from <gov> to any

block in quick on rl0 from <dod> to any

block in quick on rl0 from <fbi> to any

block in quick on rl0 from <cia> to any

block in quick on rl0 proto tcp from <china> to rl0 port 25

block in quick on rl0 proto tcp from <hongkong> to rl0 port 25

block in quick on rl0 proto tcp from <taiwan> to rl0 port 25

block in quick on rl0 proto tcp from <vietnam> to rl0 port 25

block in quick on rl0 proto tcp from <argentina> to rl0 port 25

pass in on rl0 proto tcp from any to rl0 port 25

pass in on rl0 proto tcp from any to rl0 port 110

pass in on rl0 proto tcp from <ssh> to rl0 port 22

pass in on rl0 inet proto icmp all icmp-type echoreq

pass out keep state

 

 

 

 

-------------------

Justin 



 




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000001c6eb31$bab05140$6401a8c0>