Date: Sat, 10 Feb 2007 16:48:52 +0100
From: Tim T Bos <flyweight@casema.nl>
To: Erik Norgaard <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Big problems with PF on freeBSD 6.2
Message-ID: <45CDE964.5070908@casema.nl>
In-Reply-To: <45CDE180.9050304@locolomo.org>
References: <45CDB1C3.1080508@casema.nl> <45CDE180.9050304@locolomo.org>

Hi Erik,

I used a GENERIC kernel as well as a custom kernel. Both have the same behavior. I even tried a default install without any extra boot options.
On FreeBSD 5.5 I didn't have this problem.

I'm going to try to log all actions. I must do something seriously wrong.....

Thanks anyway

Erik Norgaard wrote:
> Tim T Bos wrote:
>> Hi Guys,
>>
>> I have a problem with PF. Normally when I load pf.ko it uses deny all
>> as default.
>> But if I compile it in the kernel or load it as a module both it
>> won't work.
>> If I have only one rule "block all" or "block all on ext_if" I can still
>> go on the internet and if I portscan my computer I get most ports closed
>> and some by my ISP filtered ports (137 139 and some other MS ports).
>>
>> I tried a clean install of FreeBSD 6.2 with the latest stable source
>> ass well.
>
> you mean "as well" :)
>
> Do you use a GENERIC kernel? If you have a custom kernel or try to set
> special options for pf post those options. Also, post any boot options
> that toggle pf behaviour.
>
> The default behaviour of pf is "pass all", I don't remember if there
> is a boot option or similar to change this.
>
> But anyway, I think it is better to go with the default and set your
> desired default action explicitly as the first rule in your rule set.
> Try a GENERIC kernel and see if packets are blocked correctly by a
> "block log all" rule.
>
> In any case, you should add "log" to your rules for debugging, so you
> can see if ruleset is matched and where packets are blocked or passed.
>
> Cheers, Erik
>