From: shinny knight
To: Erik Norgaard, ajtiM
Date: Fri, 7 Dec 2007 06:51:43 -0800 (PST)
In-Reply-To: <47594883.3060304@locolomo.org>
Message-ID: <865633.3287.qm@web44805.mail.sp1.yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: PF firewall

ajtiM wrote:
> Hi!
>
> I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to
> the internet (cable). I use both, console and KDE desktop. I tried to setup
> PF firewall for the standalone computer but I have a problem with internal
> messages (mail) which are blocked if firewall running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0),
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri=2552408,
> relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Operation not permitted"
>
> My pf.conf looks like:
>
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
>
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You
will normally want a rule at the top like this:

    pass quick on lo0 all

This will pass anything on the loopback interface, be it IPv4 or IPv6.

Cheers, Erik

Hi there,

I would recommend using the rule below if you are not planning to filter
traffic on loopback:

    # Skip all PF processing on interface lo0
    set skip on lo0

However, if this does not solve your issue, maybe you should paste your
pf.conf. This way we could help you further.

Cheers,
Catalin
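
An added example, not part of the original thread and not pf's own code: a small Python model of pf rule evaluation run against the ruleset quoted above, showing which rule drops sendmail's loopback connection and how either suggested fix changes the verdict. The sk0 address is constructed, state tracking is ignored, and only the pf.conf keywords used in the thread are parsed.

```python
# Ruleset quoted in the thread (labels and the duplicated block rules omitted).
PAGE_RULES = """\
pass out quick inet from (sk0) to any keep state
block drop in quick inet all
block drop out quick inet all
"""
IFACE_ADDRS = {"sk0": {"192.0.2.10"}}  # constructed address for sk0


def parse(text):
    """Parse the pf.conf subset used in the thread into (skip_ifaces, rules)."""
    skip, rules = set(), []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[:3] == ["set", "skip", "on"]:
            skip.update(tok[3:])
            continue
        rule = {"action": tok[0], "dir": None, "quick": "quick" in tok,
                "on": None, "src": None, "text": " ".join(tok)}
        for i, t in enumerate(tok):
            if t in ("in", "out"):
                rule["dir"] = t
            elif t == "on":
                rule["on"] = tok[i + 1]
            elif t == "from" and tok[i + 1] != "any":
                rule["src"] = tok[i + 1].strip("()")  # (sk0) = addresses of sk0
        rules.append(rule)
    return skip, rules


def evaluate(text, iface, direction, src):
    """Verdict for one packet: last matching rule wins, 'quick' stops evaluation."""
    skip, rules = parse(text)
    if iface in skip:
        return "pass", "set skip on " + iface
    verdict, why = "pass", "implicit default pass"
    for r in rules:
        if r["dir"] not in (None, direction) or r["on"] not in (None, iface):
            continue
        if r["src"] is not None and src not in IFACE_ADDRS.get(r["src"], ()):
            continue
        verdict, why = r["action"], r["text"]
        if r["quick"]:
            break
    return verdict, why


if __name__ == "__main__":
    for fix in ("", "pass quick on lo0 all\n", "set skip on lo0\n"):
        print(repr(fix), evaluate(fix + PAGE_RULES, "lo0", "out", "127.0.0.1"))
```

In a real pf.conf, `set skip on lo0` belongs with the other options ahead of the filter rules, and `pfctl -nf /etc/pf.conf` parses the file without loading it.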