PF firewall

shinny knight sh1nny_kn1ght at
Fri Dec 7 07:10:48 PST 2007

ajtiM wrote:
> Hi!
> I am a new FreeBSD 7.0 beta3 user and I have standalone computer connected to 
> the internet (cable). I use both, console and KDE desktop. I tried to setup 
> PF firewall for the standalone computer but I have a problem with internal 
> messages (mail) which are blocked if firewall running.
> This is from /var/log/mail:
> "sm-msp-queue[15113]: lB493C1i007320: to=root, ctladdr=root (0/0), 
> delay=1+21:37:55, xdelay=00:00:00, mailer=relay, pri
> =2552408, relay=[], dsn=4.0.0, stat=Deferred: Operation not 
> permitted"
> My pf.conf looks like:
> pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
> block drop in quick inet all label "RULE 1 -- DROP "
> block drop out quick inet all label "RULE 1 -- DROP "
> block drop in quick inet all label "RULE 10000 -- DROP "
> block drop out quick inet all label "RULE 10000 -- DROP "
> Thanks in advance.

Everything on the loopback interface is blocked with this rule set. You 
will normally want a rule at top like this:

pass quick on lo0 all

This will pass anything on the loopback interface be it IPv4 or IPv6.

Cheers, Erik
freebsd-questions at mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"
Hi there,
  I would recommend using the rule below if you are not planning to filter traffic on loopback:
  #Skip all PF processing on interface lo0
set skip on lo0

  However, if this does not solve your issue, maybe you should paste your pf.conf.
  This way we could help you further.
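
Added example, not part of the original thread: a minimal Python model of PF rule matching (last match wins, `quick` stops evaluation, `set skip` bypasses filtering), run over the ruleset quoted above to show why loopback traffic is dropped and that either suggested rule fixes it. The sk0 address is a constructed value, and the state table and destination matching are not modelled.

```python
import shlex

SK0_ADDR = "192.0.2.10"  # constructed address for sk0 (assumption)
# Ruleset as quoted in the thread.
ORIGINAL = '''
pass out quick inet from (sk0) to any keep state label "RULE 0 -- ACCEPT "
block drop in quick inet all label "RULE 1 -- DROP "
block drop out quick inet all label "RULE 1 -- DROP "
block drop in quick inet all label "RULE 10000 -- DROP "
block drop out quick inet all label "RULE 10000 -- DROP "
'''

def after(tok, word):  # token following a keyword, or None if absent
    return tok[tok.index(word) + 1] if word in tok[:-1] else None

def parse(conf):
    """Parse the small pf.conf subset used here: set skip, pass, block."""
    skip, rules = set(), []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:3] == ["set", "skip", "on"] and len(tok) > 3:
            skip.add(tok[3])
        elif tok and tok[0] in ("pass", "block"):
            rules.append({
                "action": tok[0], "quick": "quick" in tok,
                "dir": next((t for t in tok if t in ("in", "out")), None),
                "af": next((t for t in tok if t in ("inet", "inet6")), None),
                "on": after(tok, "on"), "src": after(tok, "from")})
    return skip, rules

def verdict(conf, direction, iface, af, src):
    """Return 'pass' or 'block' for a new packet (no state table modelled)."""
    skip, rules = parse(conf)
    if iface in skip:
        return "pass"  # set skip: PF does not filter this interface at all
    result = "pass"    # implicit default when no rule matches
    for r in rules:
        if (r["dir"] not in (None, direction) or r["on"] not in (None, iface)
                or r["af"] not in (None, af)
                or (r["src"] == "(sk0)" and src != SK0_ADDR)):
            continue
        result = r["action"]  # last matching rule wins...
        if r["quick"]:
            break             # ...unless it is marked quick
    return result

if __name__ == "__main__":
    for fix in ("", "pass quick on lo0 all\n", "set skip on lo0\n"):
        print(repr(fix), verdict(fix + ORIGINAL, "out", "lo0", "inet", "127.0.0.1"))
```

With the original ruleset, a packet from 127.0.0.1 never matches the `from (sk0)` pass rule and hits the first `block ... quick` rule in each direction, which matches the "Operation not permitted" error in the mail log.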
