18th June 2008
aleunix
Real Name: Alessandro
Problem using pkg with pf enabled

Problem using pkg with pf enabled on FreeBSD 7.0

I have a problem with pf enabled.

The first time I used the same configuration that I had adopted on OpenBSD 4.3.

Subsequently I reduced the firewall using the example from FreeBSD 7.0.

When pf is enabled I can use the browser and I can access my web-mail, but I can't install or upgrade packages with the usual command pkg_add.

I don't understand the problem.

pf.conf
Code:
ext_if="le0"

set skip on lo

scrub in

block in
pass out

antispoof quick for lo
sudo pfctl -sa
Code:
FILTER RULES:
scrub in all fragment reassemble
block drop in all
pass out all flags S/SA keep state
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick inet6 from ::1 to any
block drop in quick inet from 127.0.0.1 to any

INFO:
Status: Enabled for 0 days 00:24:20           Debug: Urgent

State Table                          Total             Rate
  current entries                        0               
  searches                            2511            1.7/s
  inserts                              115            0.1/s
  removals                             115            0.1/s
Counters
  match                                261            0.2/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000

OS FINGERPRINTS:
696 fingerprints loaded
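The `pfctl -sa` dump in the post is the first thing to read when a pf ruleset behaves unexpectedly: the rule list shows what pf actually loaded (here the bare `pass out` became `pass out all flags S/SA keep state`), and the counters and limits tell you whether packets are being dropped for reasons other than a `block` rule (fragment, state-mismatch, state-limit, memory). As an added example, not code from the post, here is a small Python parser for that output plus a review step that flags the values an administrator looks at first. The sample input is a constructed excerpt modelled on the output shown above; the counter list and the 80% state-table threshold are assumptions of this example.

```python
"""Parse the text that `pfctl -sa` prints (rules, state table, counters,
timeouts, limits) into a dict and flag the values an administrator checks
first.  Added example, not code from the post; SAMPLE_PFCTL_SA is a
constructed excerpt modelled on the output shown in the post."""
import re

SAMPLE_PFCTL_SA = """\
FILTER RULES:
scrub in all fragment reassemble
block drop in all
pass out all flags S/SA keep state

INFO:
Status: Enabled for 0 days 00:24:20           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                            2511            1.7/s
  inserts                              115            0.1/s
Counters
  match                                261            0.2/s
  state-mismatch                         0            0.0/s
  state-limit                            0            0.0/s

TIMEOUTS:
tcp.established           86400s
adaptive.start             6000 states

LIMITS:
states        hard limit    10000
table-entries hard limit   200000
"""

# "  name   total   rate/s"; the rate column is absent for "current entries".
STAT_LINE = re.compile(r"^\s+(\S+(?: \S+)*)\s{2,}(\d+)(?:\s+([\d.]+)/s)?\s*$")
LIMIT_LINE = re.compile(r"^([\w-]+)\s+hard limit\s+(\d+)\s*$")
TIMEOUT_LINE = re.compile(r"^([\w.]+)\s+(\d+)(?:s| states)\s*$")
STATUS_LINE = re.compile(r"^Status:\s+(Enabled|Disabled)")

# Counters that stay at zero on a healthy, correctly sized firewall (assumed list).
TROUBLE_COUNTERS = ("bad-offset", "fragment", "short", "normalize", "memory",
                    "bad-timestamp", "congestion", "ip-option", "proto-cksum",
                    "state-mismatch", "state-insert", "state-limit", "src-limit")


def parse_pfctl_sa(text):
    """Return {status, rules, state_table, counters, timeouts, limits}."""
    out = {"status": None, "rules": [], "state_table": {}, "counters": {},
           "timeouts": {}, "limits": {}}
    section = None   # FILTER RULES / INFO / TIMEOUTS / LIMITS / ...
    table = None     # inside INFO: "state_table" or "counters"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.endswith(":") and line.isupper():   # section header
            section, table = line[:-1], None
        elif section == "FILTER RULES":
            out["rules"].append(line.strip())
        elif section == "INFO":
            m = STATUS_LINE.match(line)
            if m:
                out["status"] = m.group(1)
            elif line.startswith("State Table"):
                table = "state_table"
            elif line.startswith("Counters"):
                table = "counters"
            elif table and (m := STAT_LINE.match(line)):
                rate = float(m.group(3)) if m.group(3) else None
                out[table][m.group(1)] = {"total": int(m.group(2)), "rate": rate}
        elif section == "TIMEOUTS" and (m := TIMEOUT_LINE.match(line)):
            out["timeouts"][m.group(1)] = int(m.group(2))
        elif section == "LIMITS" and (m := LIMIT_LINE.match(line)):
            out["limits"][m.group(1)] = int(m.group(2))
    return out


def review(parsed, state_warn_pct=80):
    """Return human-readable findings; an empty list means nothing stands out."""
    findings = []
    if parsed["status"] != "Enabled":
        findings.append("pf is not enabled")
    used = parsed["state_table"].get("current entries", {}).get("total")
    hard = parsed["limits"].get("states")
    if used is not None and hard:
        pct = 100.0 * used / hard
        if pct >= state_warn_pct:
            findings.append(f"state table {pct:.0f}% full ({used}/{hard})")
    for name in TROUBLE_COUNTERS:
        c = parsed["counters"].get(name)
        if c and c["total"] > 0:
            findings.append(f"{name} counter is {c['total']}")
    return findings
```

Run it against `pfctl -sa` output captured to a file with `parse_pfctl_sa(open(path).read())`. For the dump in the post every trouble counter is zero, so the blocked traffic is being dropped by the `block in` rule itself rather than by a resource limit; to see exactly which inbound packets that rule drops while reproducing the failing pkg_add, pf supports adding `log` to the rule (`block in log`) and watching the pflog0 interface with `tcpdump -n -e -ttt -i pflog0`.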