From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Mon, 20 Oct 2008 21:25:12 +0200
Subject: Re: my firewall doesn't work

On Monday 20 October 2008 20:25:24 Chen Xu wrote:
> 1. FreeBSD 5.3-release-p26

This is no longer supported ... and hasn't been for a long time. There is
absolutely no point in running this code on a firewall! Update and report
back if the problem still exists.

On a general note: In order to debug a pf ruleset, you should add a
log-directive to all block rules and watch pflog0 for blocked packets. Then
you decide if this packet should have passed and if so, you add a pass rule
to allow that traffic (or track down why the rule you have in place didn't
trigger).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
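
An added example, not part of the message above: one way to triage what logged block rules caught, by grouping blocked packets per rule and destination so you can decide which ones should have passed. It assumes text output in the form printed by `tcpdump -n -e -ttt -i pflog0`; the sample lines, addresses, rule numbers and function names are constructed for illustration, and only IPv4 endpoints are split into address and port.

```python
import re
from collections import Counter

# Constructed sample in the form printed by `tcpdump -n -e -ttt -i pflog0`;
# addresses are documentation ranges, rule numbers are made up.
SAMPLE = """\
00:00:00.000000 rule 0/0(match): block in on em0: 198.51.100.7.51544 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
00:00:01.204511 rule 0/0(match): block in on em0: 198.51.100.7.51545 > 192.0.2.10.22: Flags [S], seq 2, win 65535, length 0
00:00:00.310022 rule 4/0(match): block out on em1: 10.0.0.5.40112 > 203.0.113.9.53: 4242+ A? example.org. (29)
00:00:02.000100 rule 0/0(match): block in on em0: 198.51.100.99 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
00:00:00.500000 rule 2/0(match): pass in on em0: 198.51.100.7.51600 > 192.0.2.10.80: Flags [S], seq 3, win 65535, length 0
"""

# Assumed shape: "rule <nr>/<reason>: <action> <dir> on <if>: <src> > <dst>: ..."
LINE = re.compile(
    r"rule (?P<rule>[^/\s]+)/\d+\(\S+?\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)"
)

def split_port(endpoint):
    """Split IPv4 'a.b.c.d.port' into (addr, port); port is None for ICMP etc."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def proto_of(rest, port):
    """Guess the protocol from tcpdump's decode text."""
    if rest.startswith("Flags ["):
        return "tcp"
    if rest.startswith("ICMP"):
        return "icmp"
    # Assumption: anything else that carries a port is treated as UDP.
    return "udp" if port is not None else "other"

def blocked_summary(text):
    """Count blocked packets per (rule, dir, interface, proto, dst, port)."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "block":
            continue  # ignore pass entries and lines that do not parse
        dst, port = split_port(m["dst"])
        proto = proto_of(m["rest"], port)
        hits[(m["rule"], m["dir"], m["ifname"], proto, dst, port)] += 1
    return hits

if __name__ == "__main__":
    for key, n in blocked_summary(SAMPLE).most_common():
        rule, direction, ifname, proto, dst, port = key
        print(f"{n:3d}x rule {rule}: {direction} on {ifname} {proto} -> {dst} port {port}")
```

The rule number in each row is the one to look up in the loaded ruleset (for example with `pfctl -vvsr`, which prints rules with their numbers) when tracking down which block rule matched.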