From owner-freebsd-questions@FreeBSD.ORG  Sun Sep 19 13:44:33 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 79CA416A4CE
	for <questions@freebsd.org>; Sun, 19 Sep 2004 13:44:33 +0000 (GMT)
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 54AF143D31
	for <questions@freebsd.org>; Sun, 19 Sep 2004 13:44:33 +0000 (GMT)
	(envelope-from europax@comcast.net)
Received: from [192.168.1.101]
	(c-67-169-203-186.client.comcast.net[67.169.203.186])
	by comcast.net (rwcrmhc11) with ESMTP
	id <20040919134433013008mdfee>          (Authid: europax);
	Sun, 19 Sep 2004 13:44:33 +0000
Message-ID: <414D8D78.6090807@comcast.net>
Date: Sun, 19 Sep 2004 06:45:28 -0700
From: Rob <europax@comcast.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040816
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: questions@freebsd.org
Content-Type: multipart/mixed;
 boundary="------------030305050305090607040906"
Subject: IP Firewall blocks cvsup
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Sep 2004 13:44:33 -0000

This is a multi-part message in MIME format.
--------------030305050305090607040906
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Seems to work with everything else incl. ftp.  What am I doing wrong? 
Thanks,   Rob.

--------------030305050305090607040906
Content-Type: text/plain;
 name="ipf.rules"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="ipf.rules"

block in log all
pass out all

pass out on lo all
pass in on lo all

pass out quick on bfe0 proto tcp/udp from any to any port > 1024

pass in quick on bfe0 proto icmp all icmp-type 0
pass in quick on bfe0 proto icmp all icmp-type 3
pass in quick on bfe0 proto icmp all icmp-type 11

block in on bfe0 proto tcp all flags S/SA
block out on bfe0 proto tcp all flags SA/SA

pass in quick on bfe0 proto tcp from any to any port = 22 flags S/SA keep state
pass in quick on bfe0 proto tcp from any to any port = 25 flags S/SA keep state

pass out on bfe0 proto tcp all keep state

block return-rst in on bfe0 proto tcp from any to any port = 113

pass in on bfe0 proto tcp/udp from any port = 53 to any
pass in on bfe0 proto tcp/udp from any port = 67 to any 
pass out on bfe0 proto tcp/udp from any port = 68 to any
pass in on bfe0 proto tcp from any port = 80 to any

#block out quick on bfe0 proto tcp from any port 5999><6011 to any
#block out quick on bfe0 proto tcp from any port 5899><5911 to any
#block out quick on bfe0 from any port = 2049 to any
#block out quick on bfe0 from any port 136><140 to any

--------------030305050305090607040906--