Quote:
There is nothing wrong with those rules.
|
My initial rule set below did not allow smtp
Code:
tcpservices = "{ domain, www, smtp, https, 10000 }"
block all
pass proto tcp from any to self port $tcpservices
had to add these two rules below
Code:
# pass smtp
pass in quick on $ext_if proto tcp from any to $ext_if port 25 keep state
pass out quick on $ext_if proto tcp from any to any port 25 keep state
I should not have needed to add the # pass smtp bit .
as regards allowing udp the below rules were already present in my rule set.
Code:
udpservices = "{ domain, ntp }"
pass proto udp to any port $udpservices
pass out on $ext_if proto udp from any to port $udpservices
Quote:
On OpenBSD (flags S/SA) keep state has been the default for quite some time
|
same in FBSD 7 . as the the verbose output even without the keep state in the ruleset flags and keep state is output.
so still puzzled as to what is wrong with the ruleset that I have to add the # pass smtp rules to get smtp working