Date: Mon, 22 Sep 2008 08:38:05 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Leslie Jensen <leslie@eskk.nu>
Cc: freebsd-pf@freebsd.org
Subject: Re: IMAP server talks back PF blocks
Message-ID: <20080922153805.GA29447@icarus.home.lan>
In-Reply-To: <48D7871E.1040902@eskk.nu>
References: <48D7871E.1040902@eskk.nu>

On Mon, Sep 22, 2008 at 01:53:02PM +0200, Leslie Jensen wrote:
> When doing
> tcpdump -n -e -ttt -i pflog0
>
> I frequently see packets blocked that look like this
>
> 458660 rule 0/0(match): block in on em0: xxx.yyy.zzz.qqq.993 >
> qqq.zzz.yyy.xxx.59930: tcp 8 [bad hdr length 12 - too short, < 20]
>
> It's the IMAP server I'm using that tries to talk back. Is this
> something I should try to let through?

The blocks are happening, but you're not able to see the full data in
the packet due to the snaplen on tcpdump being too small. Add -s 256 to
your tcpdump argument and run it again.

It looks to me like you have a rule problem; possibly IMAP+SSL isn't
being permitted through, so the block ends up happening as a result of
an ambiguous "block in on em0" rule you have.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |