on the "tcpdump -nettti pflog0" command, should everything match the last two rules, which are:

pass in log quick inet from any to any
pass out log quick inet from any to any

They were block, but I changed them to pass so I could better see what's going on with live traffic...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Dixon
Sent: Monday, December 16, 2002 8:42 PM
To: PF Mailing List
Subject: RE: Very Annoying problem... blocks everything...

On Mon, 2002-12-16 at 19:50, Shawn Mitchell wrote:
> Doesn't matter what IP address on any interface you ping. All comes back
> with the same thing.
>
> I turned on logging to see what wasn't making and such. I'm seeing DNS
> requests getting blocked...
>
> Routing is not an issue. The packets (ICMP, et al) are getting blocked.
>
> I do a pfctl -f /etc/pf.conf -e and I can't ping anything... I do a
> pfctl -d to turn it off... and everything goes back to working just fine.

Sure sounds to me like you're blocking traffic to/from your gateway. I assume you've studied your logs? All of your block rules appear to be logging, so I'm not sure why we haven't seen any mention of what might be (or might not be) appearing in your log. Run "tcpdump -nettti pflog0" as you run your ping tests. That will tell you which rule is causing your headache. Then run "pfctl -s rules | grep <rule #>" to find out which one it is.

Honestly, your ruleset is giving *me* headaches just looking at it. Your background with Linux (that's not a rip; hell, I'm an RHCE) certainly shows. Try to avoid the default behavior towards quick unless you're really sure that's what you want. You don't need to worry about performance... skip steps really avoids the extra processing overhead.

-J.
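As an added example (not from this thread), a small Python script that does the pflog-to-rule lookup Jason describes: it tallies the rule numbers from "tcpdump -nettti pflog0" output and maps them back to the rule text. It assumes the ruleset was listed with `pfctl -vvs rules`, whose `@N` prefix is the index pflog reports, and uses constructed sample lines and a hypothetical ruleset.

```python
import re
from collections import Counter

# Prefix tcpdump prints for each pflog0 record: "rule N/M(match): action dir on ifname:"
# N is the rule's index in the loaded ruleset, M the sub-rule index inside an anchor.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\S+): (?P<pkt>.*)"
)

# Constructed "pfctl -vvs rules" output; the @N prefix is the index pflog refers to.
# Hypothetical ruleset, not the one from the thread.
PFCTL_RULES = """\
@0 block in log quick on fxp0 inet proto udp from any to any port = domain
@1 block in log quick inet from any to any
@2 pass in log quick inet from any to any
@3 pass out log quick inet from any to any
"""

# Constructed lines in the shape "tcpdump -nettti pflog0" prints while pinging.
PFLOG_LINES = """\
000000 rule 1/0(match): block in on fxp0: 192.168.1.10 > 192.168.1.1: icmp: echo request
001203 rule 1/0(match): block in on fxp0: 192.168.1.10 > 192.168.1.1: icmp: echo request
000455 rule 0/0(match): block in on fxp0: 192.168.1.10.1025 > 192.168.1.1.53: udp 31
000041 rule 3/0(match): pass out on fxp0: 192.168.1.1 > 192.168.1.10: icmp: echo reply
"""

def parse_pflog_line(line):
    """Return the fields of one pflog tcpdump line, or None if it is not a pflog record."""
    m = PFLOG_RE.search(line)
    return dict(m.groupdict(), rule=int(m.group("rule"))) if m else None

def load_rules(pfctl_output):
    """Map rule index -> rule text from 'pfctl -vvs rules' output (lines prefixed @N)."""
    rules = {}
    for line in pfctl_output.splitlines():
        m = re.match(r"@(\d+)\s+(.*)", line)
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules

def blocked_by_rule(pflog_output, pfctl_output):
    """Count blocked packets per rule index, attach the rule text, most frequent first."""
    rules = load_rules(pfctl_output)
    counts = Counter()
    for line in pflog_output.splitlines():
        rec = parse_pflog_line(line)
        if rec and rec["action"] == "block":
            counts[rec["rule"]] += 1
    return [(idx, n, rules.get(idx, "<unknown rule>")) for idx, n in counts.most_common()]
```

With real output, feed the captured tcpdump text and the `pfctl -vvs rules` listing to `blocked_by_rule` and the first tuple is the rule doing the blocking.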
