#4
7th November 2008
DutchDaemon
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

I'm not sure how new PF is on PC-BSD. When you run pfctl -s rules, do you see stuff like flags S/SA and keep state in them? If not, you will have to add them, especially the keep state directives. Add 'log' to the block all rule and run a tcpdump on pflog0 to see what actually gets blocked (you'll have to take 'log' out of that pass rule, or it'll confuse you).

P.S. add set skip on lo0 - things may break without it; if you trust everything on your local network, add set skip on bge0 as well.

Last edited by DutchDaemon; 7th November 2008 at 02:24 AM.
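An added example, not part of the original post: a small Python check that reads pfctl -s rules output and reports what the post says to look for, namely pass rules without a state keyword or (for TCP) without flags S/SA, a block rule without log, and a pass rule that still carries log. The sample ruleset, the function name and the finding labels are constructed for illustration.

```python
import re
import sys

# Constructed sample of `pfctl -s rules` output (not taken from the thread).
SAMPLE_RULES = """\
block drop all
pass in on bge0 proto tcp from any to any port = ssh
pass out on bge0 proto tcp all flags S/SA keep state
pass out on bge0 proto udp all keep state
pass in log on bge0 inet proto icmp all
"""

# Any of PF's stateful keywords counts as "has state".
STATE_RE = re.compile(r"\b(keep|modulate|synproxy) state\b")


def audit_rules(text):
    """Return (line_no, finding, rule) tuples for a pfctl -s rules listing."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue
        words = rule.split()
        if words[0] == "pass":
            if not STATE_RE.search(rule):
                # Stateless pass: reply packets need their own rule or get blocked.
                findings.append((n, "no-state", rule))
            elif "proto tcp" in rule and "flags S/SA" not in rule:
                # Stateful TCP rule that can create state on non-SYN packets.
                findings.append((n, "no-flags", rule))
            if "log" in words:
                # Logged pass traffic shows up on pflog0 next to the blocks.
                findings.append((n, "pass-logged", rule))
        elif words[0] == "block" and "log" not in words:
            # Nothing from this rule will appear on pflog0.
            findings.append((n, "block-not-logged", rule))
    return findings


if __name__ == "__main__":
    # Usage: pfctl -s rules | python3 this_file.py   (no pipe: audit the sample)
    data = SAMPLE_RULES if sys.stdin.isatty() else sys.stdin.read()
    for n, finding, rule in audit_rules(data):
        print(f"line {n}: {finding}: {rule}")
```
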