Subject: pf: pass in quick to port 25 still getting blocks
Len Conrad
lconrad at Go2France.com
Fri Jul 9 21:36:22 UTC 2010
pf doing host security
not a whole lot of rules, and all is working well.
an early rule is:
pass in quick on $ext_if inet proto tcp from any to $ext_if port smtp keep state
and the last rule is:
block in log on $ext_if from any to $ext_if, which logs as:
rule 33/0(match)
in spite of the pass in smtp, rule 33 is still blocking several 1000 SMTP accesses/day, eg:
rule 33/0(match): block in on em0: 74.120.242.172.57093 > x.x.x.x.25: . ack 50 win 46 <nop,nop,timestamp 727203637 3292309473>
rule 33/0(match): block in on em0: 94.179.232.111.8364 > x.x.x.x.25: P 0:6(6) ack 1 win 65438
where the text after the 25: has several different formats.
How is any port 25 access not being passed by the pass smtp rule?
Len
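
An added example, not part of the original post: one way to tally block lines like the ones quoted above by TCP flags field and source address, to see what kind of segments are reaching the final block rule. The function names and the summary layout are hypothetical; the sample input is the two log lines from the post, with the poster's x.x.x.x redaction kept.

```python
import re
from collections import Counter

# The two lines quoted in the post; x.x.x.x is the poster's own redaction.
SAMPLE = """\
rule 33/0(match): block in on em0: 74.120.242.172.57093 > x.x.x.x.25: . ack 50 win 46 <nop,nop,timestamp 727203637 3292309473>
rule 33/0(match): block in on em0: 94.179.232.111.8364 > x.x.x.x.25: P 0:6(6) ack 1 win 65438
"""

# Layout: rule N/M(match): ACTION DIR on IF: SRC.SPORT > DST.DPORT: FLAGS ...
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFPRUWE.]+) "
)

def parse_line(line):
    """Return the fields of one logged TCP line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)  # search, so a leading timestamp is tolerated
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    # The flags token is letters such as S, F, P, R; a lone "." carries no SYN.
    rec["syn"] = "S" in rec["flags"]
    return rec

def summarize(text, rule=33, dport=25):
    """Count segments blocked by `rule` towards `dport`, by flags field and by source."""
    out = {"by_flags": Counter(), "by_src": Counter(), "syn": 0, "non_syn": 0}
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["action"] != "block":
            continue
        if rec["rule"] != rule or rec["dport"] != dport:
            continue
        out["by_flags"][rec["flags"]] += 1
        out["by_src"][rec["src"]] += 1
        out["syn" if rec["syn"] else "non_syn"] += 1
    return out

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("by flags:", dict(s["by_flags"]))
    print("by source:", dict(s["by_src"]))
    print("SYN:", s["syn"], "non-SYN:", s["non_syn"])
```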