Old 29th October 2008
ijk

Quote:
There is nothing wrong with those rules.

My initial rule set below did not allow smtp:
Code:
tcpservices = "{ domain, www, smtp, https, 10000 }"
block all
pass proto tcp from any to self port $tcpservices
I had to add these two rules below:
Code:
# pass smtp
pass in quick on $ext_if proto tcp from any to $ext_if port 25 keep state
pass out quick on $ext_if proto tcp from any to any port 25 keep state
I should not have needed to add the # pass smtp bit.

As regards allowing udp, the below rules were already present in my rule set.
Code:
udpservices = "{ domain, ntp }"
pass proto udp to any port $udpservices
pass out on $ext_if proto udp from any to port $udpservices
Quote:
On OpenBSD (flags S/SA) keep state has been the default for quite some time

Same in FBSD 7, as in the verbose output, even without the keep state in the ruleset, flags and keep state are output.

So I am still puzzled as to what is wrong with the ruleset that I have to add the # pass smtp rules to get smtp working.
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5