PF rules blocking incoming traffic originated from my port 25. - repost with consistent IP address

Sam Wun swun2010 at gmail.com
Fri May 1 08:39:28 UTC 2009


Hi guys,

OS: FreeBSD 6.2.

I don't know what happened with my PF rules.
I tried to send email from the webmail installed in this freebsd box.
From the log, it said my PF rule is blocking:

tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
971917 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
2. 229844 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
3. 197738 rule 4/0(match): block in on em0: 209.85.217.27.25 > 1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792 <mss 1460,sackOK,timestamp[|tcp]>
...

scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log inet from 1.2.3.202 to any
block drop in log inet from 1.2.3.206 to any
block drop in log all
block drop in log quick on em0 inet from 127.0.0.0/8 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 169.254.0.0/16 to any
block drop in log quick on em0 inet from 192.0.2.0/24 to any
block drop in log quick on em0 inet from 0.0.0.0/8 to any
block drop in log quick on em0 inet from 240.0.0.0/4 to any
block drop out log quick on em0 inet from any to 127.0.0.0/8
block drop out log quick on em0 inet from any to 192.168.0.0/16
block drop out log quick on em0 inet from any to 172.16.0.0/12
block drop out log quick on em0 inet from any to 10.0.0.0/8
block drop out log quick on em0 inet from any to 169.254.0.0/16
block drop out log quick on em0 inet from any to 192.0.2.0/24
block drop out log quick on em0 inet from any to 0.0.0.0/8
block drop out log quick on em0 inet from any to 240.0.0.0/4
block drop in log quick on em0 from <blockedip> to any
block drop out log quick on em0 from any to <blockedip>
block drop in log quick on em0 from <droplasso> to any
block drop out log quick on em0 from any to <droplasso>
pass in on em0 inet proto tcp from any to 1.2.3.202 port = ssh keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = ssh keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = domain keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = domain keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = imap keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = imap keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = smtp keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = smtp keep state
pass in on em0 inet proto tcp from any to 1.2.3.202 port = https keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = https keep state
pass in on em0 inet proto udp from any to 1.2.3.202 port = domain
pass in on em0 inet proto udp from any to 1.2.3.206 port = domain
pass in on em0 inet proto tcp from any to 1.2.3.202 port = 8080 keep state
pass in on em0 inet proto tcp from any to 1.2.3.206 port = 8080 keep state
pass out on em0 proto tcp all keep state
pass out on em0 proto udp all keep state
pass out on em0 inet proto udp from any to any port 33433 >< 33626 keep state
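
To see which rule the `rule 4/0(match)` records point at, the sketch below (an added example, not part of the original post) resolves the logged rule number against the listed ruleset and groups the logged packets by flow. It assumes the listing is in `pfctl -sr` order and that pf numbers filter rules separately from scrub and translation rules, so those lines are skipped when counting; `pfctl -vvsr` on the box prints the actual numbers. `filter_rules` and `summarise` are names made up for this example.

```python
import re
from collections import Counter

# Two records taken from the capture in the post (TCP options trimmed),
# left wrapped the way the mail shows them.
SAMPLE_LOG = """\
000000 rule 4/0(match): block in on em0: 209.85.217.27.25 >
1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
2. 994216 rule 4/0(match): block in on em0: 209.85.217.27.25 >
1.2.3.206.50725: S 1649853456:1649853456(0) ack 2736129674 win 5792
"""
# Head of the ruleset from the post, in the order listed.
SAMPLE_RULES = """\
scrub in all fragment reassemble
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log on ! em0 inet from 1.2.3.200/29 to any
block drop in log inet from 1.2.3.202 to any
block drop in log inet from 1.2.3.206 to any
block drop in log all
block drop in log quick on em0 inet from 127.0.0.0/8 to any
"""
IP = r"\d+(?:\.\d+){3}"
RECORD = re.compile(
    rf"rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): (?P<action>\w+) (?P<dir>in|out) "
    rf"on (?P<ifc>\S+): (?P<src>{IP})\.(?P<sport>\d+) > "
    rf"(?P<dst>{IP})\.(?P<dport>\d+): (?P<flags>\S+)(?P<rest>.*?)(?= rule \d+/|$)")

def filter_rules(listing):
    # Assumption: scrub and translation rules are numbered apart from filter rules.
    skip = ("scrub", "nat ", "rdr ", "binat ", "no ")
    rules = [line.strip() for line in listing.splitlines()]
    return [r for r in rules if r and not r.startswith(skip)]

def summarise(log_text, listing):
    """Count logged packets per (rule number, rule text, verdict, flow, TCP kind)."""
    rules, hits = filter_rules(listing), Counter()
    for m in RECORD.finditer(" ".join(log_text.split())):  # undo mail line wrapping
        n = int(m["rule"])
        text = rules[n] if n < len(rules) else "<rule not in listing>"
        # Old tcpdump prints a SYN-ACK as flag "S" followed by an "ack" field.
        kind = "SYN-ACK" if m["flags"] == "S" and " ack " in m["rest"] else m["flags"]
        flow = f'{m["src"]}:{m["sport"]} -> {m["dst"]}:{m["dport"]}'
        hits[(n, text, f'{m["action"]} {m["dir"]} on {m["ifc"]}', flow, kind)] += 1
    return hits

if __name__ == "__main__":
    for key, count in summarise(SAMPLE_LOG, SAMPLE_RULES).items():
        print(count, *key, sep=" | ")
```

Under the stated numbering assumption, both sample records resolve to `block drop in log all`, applied to a SYN-ACK coming back from port 25 to local port 50725.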

