PF firewall

shinny knight sh1nny_kn1ght at yahoo.com
Fri Dec 7 07:10:48 PST 2007


ajtiM wrote:
> Hi!
> 
> I am a new FreeBSD 7.0 beta3 user and I have a standalone computer connected to 
> the internet (cable). I use both console and KDE desktop. I tried to set up a 
> PF firewall for the standalone computer, but I have a problem with internal 
> messages (mail), which are blocked if the firewall is running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0), 
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri
> =2552408, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Operation not 
> permitted"
> 
> My pf.conf looks like:
> 
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
> 
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You 
will normally want a rule at top like this:

pass quick on lo0 all

This will pass anything on the loopback interface be it IPv4 or IPv6.

Cheers, Erik
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
  
Hi there,

I will recommend you use the rule below if you are not planning on filtering traffic on loopback:

#Skip all PF processing on interface lo0
set skip on lo0

However, if this does not solve your issue, maybe you should paste your pf.conf.
This way we could help you further.

Cheers,
   
  Catalin
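
Added example, not part of either reply: a simplified, stateless model of PF rule evaluation (last match wins, "quick" stops at the first match, implicit default pass) run over the ruleset quoted above, showing why mail to 127.0.0.1 is dropped and how each suggested fix changes the verdict. The Rule/Packet/evaluate names and the addresses 192.0.2.10 (standing in for sk0) and 198.51.100.7 are constructed for illustration; "keep state" is not modelled.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

SK0_ADDRS = frozenset({"192.0.2.10"})  # constructed address standing in for (sk0)

@dataclass(frozen=True)
class Rule:
    action: str                           # "pass" or "block"
    direction: Optional[str] = None       # "in", "out", or None for both
    quick: bool = False
    iface: Optional[str] = None           # None = any interface
    af: Optional[str] = None              # "inet", "inet6", or None for both
    src: Optional[FrozenSet[str]] = None  # None = any source

@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str
    af: str
    src: str

def matches(r: Rule, p: Packet) -> bool:
    return ((r.direction is None or r.direction == p.direction)
            and (r.iface is None or r.iface == p.iface)
            and (r.af is None or r.af == p.af)
            and (r.src is None or p.src in r.src))

def evaluate(rules, pkt: Packet, skip=frozenset()) -> str:
    if pkt.iface in skip:        # "set skip on lo0": no filtering at all there
        return "pass"
    verdict = "pass"             # PF passes a packet that matches no rule
    for r in rules:
        if matches(r, pkt):
            verdict = r.action   # last matching rule wins ...
            if r.quick:          # ... unless the rule is "quick"
                break
    return verdict

# The five rules from the quoted pf.conf (labels omitted).
ORIGINAL = [Rule("pass", "out", True, af="inet", src=SK0_ADDRS),
            Rule("block", "in", True, af="inet"),
            Rule("block", "out", True, af="inet"),
            Rule("block", "in", True, af="inet"),
            Rule("block", "out", True, af="inet")]
LOOPBACK_RULE = Rule("pass", quick=True, iface="lo0")  # pass quick on lo0 all
FIXED = [LOOPBACK_RULE] + ORIGINAL

LOCAL_MAIL = Packet("lo0", "out", "inet", "127.0.0.1")  # sm-msp-queue -> relay
LOCAL_V6 = Packet("lo0", "out", "inet6", "::1")
WAN_OUT = Packet("sk0", "out", "inet", "192.0.2.10")
WAN_IN = Packet("sk0", "in", "inet", "198.51.100.7")     # unsolicited inbound
```

In this model the local mail packet misses the first rule because its source is 127.0.0.1 rather than an sk0 address, then hits "block drop out quick inet all"; both fixes let it through while unsolicited inbound traffic on sk0 stays blocked.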


