Date: Fri, 1 May 2009 18:29:05 +1000
From: Sam Wun <swun2010@gmail.com>
To: freebsd-pf@freebsd.org
Subject: PF rules blocking incoming traffic originated from my port 25.
Message-ID: <736c47cb0905010129k18f834aex9f1484cbf1f7e02e@mail.gmail.com>

Hi guys,

OS: FreeBSD 6.2.

I don't know what happened with my PF rules. I tried to send email from the webmail installed in this FreeBSD box.
From the log, it said my PF rule is blocking:

tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
971917 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
2. 229844 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
3. 197738 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
...

My PF rules are shown below:

scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.4/29 to any
block drop in log on ! em0 inet from 1.2.3.6/29 to any
block drop in log inet from 1.2.3.4 to any
block drop in log inet from 1.2.3.6 to any
block drop in log all
block drop in log quick on em0 inet from 127.0.0.0/8 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 169.254.0.0/16 to any
block drop in log quick on em0 inet from 192.0.2.0/24 to any
block drop in log quick on em0 inet from 0.0.0.0/8 to any
block drop in log quick on em0 inet from 240.0.0.0/4 to any
block drop out log quick on em0 inet from any to 127.0.0.0/8
block drop out log quick on em0 inet from any to 192.168.0.0/16
block drop out log quick on em0 inet from any to 172.16.0.0/12
block drop out log quick on em0 inet from any to 10.0.0.0/8
block drop out log quick on em0 inet from any to 169.254.0.0/16
block drop out log quick on em0 inet from any to 192.0.2.0/24
block drop out log quick on em0 inet from any to 0.0.0.0/8
block drop out log quick on em0 inet from any to 240.0.0.0/4
block drop in log quick on em0 from <blockedip> to any
block drop out log quick on em0 from any to <blockedip>
block drop in log quick on em0 from <droplasso> to any
block drop out log quick on em0 from any to <droplasso>
pass in on em0 inet proto tcp from any to 125.255.112.202 port = ssh keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = ssh keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = domain keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = domain keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = imap keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = imap keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = smtp keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = smtp keep state
pass in on em0 inet proto tcp from any to 125.255.112.202 port = https keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = https keep state
pass in on em0 inet proto udp from any to 125.255.112.202 port = domain
pass in on em0 inet proto udp from any to 125.255.112.206 port = domain
pass in on em0 inet proto tcp from any to 125.255.112.202 port = 8080 keep state
pass in on em0 inet proto tcp from any to 125.255.112.206 port = 8080 keep state
pass out on em0 proto tcp all keep state
pass out on em0 proto udp all keep state
pass out on em0 inet proto udp from any to any port 33433 >< 33626 keep state

Can anybody please shed some light on this problem?

Thanks
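
A triage helper for the pflog output quoted above, added here as an example and not part of the original message: it parses the tcpdump -e pflog lines and separates blocked SYN+ACK replies (the remote side answering a connection opened from this host, which reach the block log only when no state entry matched them) from blocked plain SYNs. The function names are hypothetical, and the third sample line is constructed.

```python
import re
from collections import Counter

# First two lines are in the format quoted in the message; the third is a
# constructed plain-SYN line added for contrast.
SAMPLE = """\
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
1. 000100 rule 4/0(match): block in on em0: 198.51.100.7.40000 > 1.2.3.206.23: S 100:100(0) win 65535
"""

# search() is used so the variable-width -ttt delta prefix is ignored.
LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRWE.]+) (?P<rest>.*)"
)

def classify(line):
    """Parse one pflog TCP line; return a dict, or None for banner/other lines."""
    m = LINE.search(line)
    if not m:
        return None
    syn = "S" in m["flags"]
    # This tcpdump format prints the ACK bit as a separate "ack <number>" token.
    ack = re.search(r"\back \d+", m["rest"]) is not None
    kind = "syn-ack" if syn and ack else "syn" if syn else "other"
    return {"rule": int(m["rule"]), "action": m["action"], "dir": m["dir"],
            "ifc": m["ifc"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "kind": kind}

def summarize(text):
    """Count blocked packets per (rule, direction, kind, service port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = classify(line)
        if rec and rec["action"] == "block":
            # For a reply the service port is the source port, otherwise the destination.
            svc = rec["sport"] if rec["kind"] == "syn-ack" else rec["dport"]
            counts[(rec["rule"], rec["dir"], rec["kind"], svc)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```
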