PF firewall
Erik Norgaard
norgaard at locolomo.org
Fri Dec 7 05:20:08 PST 2007
ajtiM wrote:
> Hi!
>
> I am a new FreeBSD 7.0 beta3 user and I have a standalone computer connected to
> the internet (cable). I use both console and KDE desktop. I tried to set up
> the PF firewall for the standalone computer but I have a problem with internal
> messages (mail), which are blocked if the firewall is running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0),
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri
> =2552408, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Operation not
> permitted"
>
> My pf.conf looks like:
>
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
>
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You
will normally want a rule at the top like this:

pass quick on lo0 all

This will pass anything on the loopback interface, be it IPv4 or IPv6.

Cheers, Erik
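
Added example, not part of the original thread and not pf's own code: a small Python model of first-match "quick" evaluation, showing why mail to relay=[127.0.0.1] hits the "RULE 1 -- DROP" rule in the posted pf.conf and passes once the lo0 rule is placed first. Assumptions: the address 192.0.2.10 standing in for (sk0) and the label "lo0 pass" are constructed for illustration, and state tracking (keep state) is not modelled.

```python
# Added example: simplified model of pf "quick" evaluation, not pf itself.
from dataclasses import dataclass
from typing import Optional

SK0_ADDR = "192.0.2.10"  # constructed address standing in for (sk0)

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str]         # "in", "out", or None for both
    label: str
    iface: Optional[str] = None      # "on <iface>"; None = any interface
    af: Optional[str] = None         # "inet"/"inet6"; None = both families
    src: Optional[str] = None        # "from <addr>"; None = any source

@dataclass
class Packet:
    direction: str
    iface: str
    af: str
    src: str

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.direction is None or rule.direction == pkt.direction)
            and (rule.iface is None or rule.iface == pkt.iface)
            and (rule.af is None or rule.af == pkt.af)
            and (rule.src is None or rule.src == pkt.src))

def evaluate(rules, pkt):
    """All rules in the thread are 'quick': the first match decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.label
    return "pass", "no rule matched"   # pf's implicit default is pass

# The posted pf.conf (duplicate RULE 10000 lines omitted: never reached).
ORIGINAL = [
    Rule("pass", "out", "RULE 0 -- ACCEPT", af="inet", src=SK0_ADDR),
    Rule("block", "in", "RULE 1 -- DROP", af="inet"),
    Rule("block", "out", "RULE 1 -- DROP", af="inet"),
]
# Same rules with "pass quick on lo0 all" first; its label is made up here.
FIXED = [Rule("pass", None, "lo0 pass", iface="lo0")] + ORIGINAL

LOCAL_MAIL = Packet("out", "lo0", "inet", "127.0.0.1")  # to relay=[127.0.0.1]
WEB = Packet("out", "sk0", "inet", SK0_ADDR)            # ordinary outbound

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(rules, LOCAL_MAIL), evaluate(rules, WEB))
```

The loopback packet's source is 127.0.0.1, not the sk0 address, so the first pass rule never matches it and the following block rule does.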