I'm not sure how new PF is on PC-BSD. When you run pfctl -s rules, do you see stuff like flags S/SA and keep state in them? If not, you will have to add them, especially the keep state directives. Add 'log' to the block all rule and run a tcpdump on pflog0 to see what actually gets blocked (you'll have to take 'log' out of that pass rule, or it'll confuse you).
P.S. add set skip on lo0 - things may break without it; if you trust everything on your local network, add set skip on bge0 as well.
Last edited by DutchDaemon; 7th November 2008 at 02:24 AM.
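
The check suggested in the post above, as an added example that is not part of the original post: a small filter for `pfctl -s rules` output that reports pass rules without state, stateful TCP rules without flags S/SA, and a ruleset in which no block rule logs. The function names, the finding labels and the sample ruleset are constructed for illustration; only bge0 comes from the post.

```sh
#!/bin/sh
# Added example: audit `pfctl -s rules` output for the points raised in the post.
# Live use (as root): pfctl -s rules | audit_pf_rules
# The labels NO-STATE / NO-FLAGS / NO-LOG are names made up for this example.

audit_pf_rules() {
    awk '
        /^pass/ {
            if ($0 !~ /(keep|modulate|synproxy) state/) {
                # Stateless pass rule: replies need their own matching rule.
                print "NO-STATE: " $0
            } else if ($0 ~ /proto tcp/ && $0 !~ /flags S\/SA/) {
                # Stateful TCP rule that can create state from a non-SYN packet.
                print "NO-FLAGS: " $0
            }
        }
        /^block/ {
            blocks++
            if ($0 ~ / log( |$)/) logged++
        }
        END {
            if (blocks > 0 && logged == 0)
                print "NO-LOG: no block rule logs, so pflog0 will show no drops"
        }
    '
}

# Constructed sample in the style of pfctl output (not taken from a real host).
sample_rules() {
    cat <<'EOF'
block drop all
pass in log on bge0 proto tcp from any to any port = ssh
pass out on bge0 proto tcp all flags S/SA keep state
pass out on bge0 proto udp all keep state
pass in on bge0 proto tcp from any to any port = http keep state
EOF
}

sample_rules | audit_pf_rules
```

An empty result means every pass rule keeps state, every stateful TCP rule matches on flags S/SA, and at least one block rule logs.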