Subject: pf: pass in quick to port 25 still getting some blocks

Jon Radel jon at radel.com
Fri Jul 2 23:36:07 UTC 2010


On 7/2/10 5:25 PM, Len Conrad wrote:
> setting up pf on fbsd 7.2 for host security on a mail gateway.
>
> the only rule for port 25 is:
>
> pass in quick on em0 inet proto tcp from any to $ext_if port = smtp flags S/SA keep state
>
> and then last rule:
>
> block drop in log on em0 inet from any to $ext_if
>
> while 1000s of connections to port 25 are getting through with the pass rule, several 100 connections are getting blocked with the default block rule, bypassing the pass rule.
>
> I can't see how pf is selecting these connections to be blocked.
>
>
In what sense are the packets that are getting blocked part of a connection?  Are you sure the blocked packets are actually a legitimate first packet, with the appropriate flags set, or is the "flags S/SA" portion of your rule not matching?

-- 

--Jon Radel
jon at radel.com
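As an added illustration of the point Jon raises (example code, not from the thread or from pf itself), here is a small Python model of pf's `flags <set>/<mask>` test applied to the two rules Len quoted, run over constructed packets that all target port 25. It only models packets that have no existing state entry; with `keep state`, later packets of an already-passed connection are matched by the state table before the ruleset is consulted.

```python
"""Model of pf's `flags S/SA` selection and the two rules from the thread:
   pass in quick ... proto tcp ... port = smtp flags S/SA keep state
   block drop in log ...
Constructed example; packets are assumed to have no matching state entry."""

# TCP flag bits using pf's one-letter names (F S R P A U).
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def parse_flags(spec):
    """Turn a pf flag string such as "S" or "SA" into a bitmask."""
    mask = 0
    for ch in spec:
        mask |= FLAG_BITS[ch]
    return mask


def flags_match(packet_flags, rule="S/SA"):
    """pf semantics: of the bits named in <mask>, exactly <set> must be on.
    For S/SA that means SYN set and ACK clear; other bits are ignored."""
    set_part, mask_part = rule.split("/")
    want, mask = parse_flags(set_part), parse_flags(mask_part)
    return (parse_flags(packet_flags) & mask) == want


def evaluate(packet):
    """Walk the ruleset: the quick pass rule first, then the final block."""
    if packet["proto"] == "tcp" and packet["dport"] == 25 \
            and flags_match(packet["flags"], "S/SA"):
        return "pass"
    return "block"


# Constructed sample packets (hypothetical addresses), all to port 25 on em0.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "proto": "tcp", "dport": 25, "flags": "S"},    # clean SYN
    {"src": "192.0.2.11", "proto": "tcp", "dport": 25, "flags": "SA"},   # SYN/ACK, not a start
    {"src": "192.0.2.12", "proto": "tcp", "dport": 25, "flags": "A"},    # bare ACK, e.g. stale state
    {"src": "192.0.2.13", "proto": "tcp", "dport": 25, "flags": "SPA"},  # SYN but ACK set too
    {"src": "192.0.2.14", "proto": "tcp", "dport": 25, "flags": "SP"},   # PSH is outside the mask
]


def classify(packets=SAMPLE_PACKETS):
    """Return {source: verdict} so the reader can see which packets fall
    through the pass rule and land on the logged block rule."""
    return {p["src"]: evaluate(p) for p in packets}


if __name__ == "__main__":
    for src, verdict in classify().items():
        print(src, verdict)
```

Packets that reach the block rule here are exactly those whose SYN/ACK bits are not "SYN only", which is what `tcpdump -n -e -ttt -r /var/log/pflog` would let you confirm on the real gateway.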

More information about the freebsd-questions mailing list