Problem using pkg with pf enabled on FreeBSD 7.0
I have a problem with pf enabled.
The first time I used the same configuration that I adopted on OpenBSD 4.3.
Subsequently I reduced the firewall using the example in FreeBSD 7.0.
When pf is enabled I can use the browser, I can access my web-mail but I can install or upgrade packages with the usual command pkg_add.
I don't understand the problem.
pf.conf
Code:
ext_if="le0"
set skip on lo
scrub in
block in
pass out
antispoof quick for lo
sudo pfctl -sa
Code:
FILTER RULES:
scrub in all fragment reassemble
block drop in all
pass out all flags S/SA keep state
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick inet6 from ::1 to any
block drop in quick inet from 127.0.0.1 to any
INFO:
Status: Enabled for 0 days 00:24:20 Debug: Urgent
State Table Total Rate
current entries 0
searches 2511 1.7/s
inserts 115 0.1/s
removals 115 0.1/s
Counters
match 261 0.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
OS FINGERPRINTS:
696 fingerprints loaded