pf started blocking everything
From: Andreas Kähäri (ak freeshell.org)
Date: Wed Jul 09 2003 - 08:53:53 CDT
Hi all,
I just updated my source and recompiled my kernel only to find
that pf started blocking everything going in or out over fxp0.
The filters I use look like this (from "pfctl -s rules"):
scrub in all fragment reassemble
block return log all
pass quick on lo0 all
block drop in log quick on fxp0 inet from 127.0.0.0/8 to any
block drop in log quick on fxp0 inet from 192.168.0.0/16 to any
block drop in log quick on fxp0 inet from 172.16.0.0/12 to any
block drop in log quick on fxp0 inet from 10.0.0.0/8 to any
block drop out log quick on fxp0 inet from any to 127.0.0.0/8
block drop out log quick on fxp0 inet from any to 192.168.0.0/16
block drop out log quick on fxp0 inet from any to 172.16.0.0/12
block drop out log quick on fxp0 inet from any to 10.0.0.0/8
pass in log on fxp0 inet proto tcp from any to (fxp0) port = ssh flags S/SA keep state
pass in log on fxp0 inet proto tcp from any to (fxp0) port = www flags S/SA keep state
pass in log inet proto icmp all icmp-type echoreq keep state
pass in log inet proto icmp all icmp-type timex keep state
pass out log on fxp0 proto tcp all flags S/SA modulate state
pass out log on fxp0 proto udp all keep state
pass out log on fxp0 proto icmp all keep state
Does anyone see anything strange with this? Doing some logging
shows that it's only ever the first block that matches even
though it's not "quick".
Ideas? Did I miss something?
--
Andreas Kähäri
Essex, England
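
Added example (not part of the original post): a minimal Python model of pf's evaluation order, in which the last matching rule decides unless a matching rule is marked quick, applied to the filter rules listed above. The address 192.0.2.10 standing in for (fxp0), the sample packets and all helper names are assumptions; scrub, TCP flags and state tracking are not modelled.

```python
# Added example: minimal model of pf rule evaluation (last match wins, quick stops).
from ipaddress import ip_address, ip_network

FXP0 = "192.0.2.10"  # assumption: stand-in for the (fxp0) interface address
BOGONS = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]

def r(action, quick=False, **match):
    return (action, quick, match)

# The filter rules from the post, in order (scrub, flags and state not modelled).
RULES = [
    r("block"),                                   # block return log all
    r("pass", quick=True, iface="lo0"),
    *[r("block", quick=True, dir="in", iface="fxp0", src=n) for n in BOGONS],
    *[r("block", quick=True, dir="out", iface="fxp0", dst=n) for n in BOGONS],
    r("pass", dir="in", iface="fxp0", proto="tcp", dst=FXP0, port=22),
    r("pass", dir="in", iface="fxp0", proto="tcp", dst=FXP0, port=80),
    r("pass", dir="in", proto="icmp", icmp_type="echoreq"),
    r("pass", dir="in", proto="icmp", icmp_type="timex"),
    r("pass", dir="out", iface="fxp0", proto="tcp"),
    r("pass", dir="out", iface="fxp0", proto="udp"),
    r("pass", dir="out", iface="fxp0", proto="icmp"),
]

def matches(match, pkt):
    for key, want in match.items():
        have = pkt.get(key)
        if key in ("src", "dst"):
            if ip_address(have) not in ip_network(want):
                return False
        elif have != want:
            return False
    return True

def evaluate(pkt):
    """Return (action, index of deciding rule in RULES) for one packet."""
    verdict = ("pass", None)          # pf passes a packet that matches no rule
    for n, (action, quick, match) in enumerate(RULES):
        if matches(match, pkt):
            verdict = (action, n)     # a later match overrides an earlier one
            if quick:
                break                 # quick: this rule decides, stop here
    return verdict

# Constructed sample packets (documentation addresses).
SSH_IN = dict(dir="in", iface="fxp0", proto="tcp", src="198.51.100.7", dst=FXP0, port=22)
TELNET_IN = dict(SSH_IN, port=23)
SPOOFED_IN = dict(SSH_IN, src="10.1.2.3")
DNS_OUT = dict(dir="out", iface="fxp0", proto="udp", src=FXP0, dst="198.51.100.53", port=53)
```

Under this model the non-quick "block return log all" rule decides only for packets that no later rule matches, such as TELNET_IN; SSH_IN and DNS_OUT are decided by their later pass rules.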