<..snip..>
> 200.46.204.71.53512 > 127.0.0.1.25: S
> 2390205679:2390205679(0) win 65535 <mss 1460,nop,wscale 1,[|tcp]>
> >
> > 038980 rule 3/0(match): block in on rl0:
> 200.46.204.71.65136 > 127.0.0.1.25: S 1802046267:1802046267(0) w
> >
> > Which of the rules above does rule 3/0(match) refer to?
>
> It's easier to count the rules this way
> Nat/rdr rules:
> # pfctl -sn
> filter rules:
> # pfctl -sr => now look at the 3rd line
>
> > @8 pass in log inet proto tcp from any to 216.70.250.4
> port = smtp flags S/SA synproxy state
> > @9 pass out log inet proto tcp from 216.70.250.4 to any
> port = smtp flags S/SA synproxy state
> > @10 pass in log inet proto tcp from 192.168.1.0/24 to
> 192.168.1.25 port = smtp flags S/SA synproxy state
> > @11 block drop in log all
>
> There is no quick keyword, so please place @11 before @8
> reload the pf rules and post the output of
> 1) pfctl -sn
> 2) pfctl -sr
> 3) now take again a look with tcpdump -i pflog0
> this makes things easier to count and refer
>
Egads, so it was rule #11 that was blocking! I've modified to have #11 appear before #8 and restarted. All appear to be functioning as previously. I don't quite understand why the original pf.conf rules were letting the mail into both port 25 and 8025 prior to the last reboot-- I had #11 after #8 all along!

Thanks for your kind assistance! I've made this a supporting document for future troubleshooting activity!

~Best
~Doug
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
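
The rule-ordering point made in the quoted reply (no `quick` keyword, so the last matching rule decides), as an added example that is not part of the original thread. It is a simplified Python model of pf filter evaluation, not pf itself: matching is reduced to direction, addresses and destination port, the rule labels are the numbers used in the thread, and the packet is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    label: str                   # number the rule had in the thread's listing
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None means any port
    quick: bool = False

    def matches(self, direction, src, dst, dport):
        return (self.direction == direction
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(rules, direction, src, dst, dport):
    """Last matching rule decides; a matching `quick` rule stops evaluation."""
    decision = None
    for rule in rules:
        if rule.matches(direction, src, dst, dport):
            decision = rule
            if rule.quick:
                break
    return decision  # None: no rule matched (pf then passes by default)

R8 = Rule("@8", "pass", "in", dst="216.70.250.4/32", dport=25)
R9 = Rule("@9", "pass", "out", src="216.70.250.4/32", dport=25)
R10 = Rule("@10", "pass", "in", src="192.168.1.0/24", dst="192.168.1.25/32", dport=25)
R11 = Rule("@11", "block", "in")

ORIGINAL = [R8, R9, R10, R11]    # block last: it is the last match for all inbound
REORDERED = [R11, R8, R9, R10]   # block first: later pass rules override it

# Constructed packet: inbound SYN to the SMTP address named in @8.
PKT = ("in", "200.46.204.71", "216.70.250.4", 25)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        hit = evaluate(rules, *PKT)
        print(f"{name}: {hit.action} by {hit.label}")
```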