Hi Erik,

I used a GENERIC kernel as well as a custom kernel. Both have the same behavior.
I even tried a default install without any extra boot options. On FreeBSD 5.5 I didn't have this problem.

I'm going to try to log all actions. I must do something seriously wrong.....

Thanks anyway

Erik Norgaard wrote:
> Tim T Bos wrote:
>> Hi Guys,
>>
>> I have a problem with PF. Normally when I load pf.ko it uses deny all
>> as default.
>> But if I compile it in the kernel or load it as a module both it
>> won't work.
>> If I have only one rule "block all" or "block all on ext_if" I can still
>> go on the internet and if I portscan my computer I get most ports closed
>> and some by my ISP filtered ports (137 139 and some other MS ports).
>>
>> I tried a clean install of FreeBSD 6.2 with the latest stable source
>> ass well.
>
> you mean "as well" :)
>
> Do you use a GENERIC kernel? If you have a custom kernel or try to set
> special options for pf post those options. Also, post any boot options
> that toggle pf behaviour.
>
> The default behaviour of pf is "pass all", I don't remember if there
> is a boot option or similar to change this.
>
> But anyway, I think it is better to go with the default and set your
> desired default action explicitly as the first rule in your rule set.
> Try a GENERIC kernel and see if packets are blocked correctly by a
> "block log all" rule.
>
> In any case, you should add "log" to your rules for debugging, so you
> can see if ruleset is matched and where packets are blocked or passed.
>
> Cheers, Erik
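
A way to check the points raised in this thread (an explicit default block as the first rule, with "log"), together with whether pf is enabled at all. This is an added example, not code from the thread or from the pf project. The function name `pf_diagnose`, its result strings and the sample `pfctl` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies why a "block all" ruleset
# may not be filtering, from the text printed by two pfctl commands:
#   pf_diagnose "$(pfctl -s info)" "$(pfctl -s rules)"
pf_diagnose() {
    info=$1
    rules=$2

    # pf filters only while enabled; loading pf.ko does not enable it.
    case $info in
        *"Status: Enabled"*) ;;
        *) echo "pf-disabled"; return 0 ;;
    esac

    # Only block/pass lines are filter rules (scrub lines are skipped).
    first=$(printf '%s\n' "$rules" | grep -E '^(block|pass) ' | head -n 1)

    # With no filter rule loaded, every packet gets the default: pass.
    if [ -z "$first" ]; then
        echo "no-filter-rules"
        return 0
    fi

    # An explicit default is a leading "block ... all"; pf is last-match,
    # so later pass rules can still open specific traffic.
    case $first in
        block\ *\ all) ;;
        *) echo "no-default-block"; return 0 ;;
    esac

    # "log" sends matches to pflog0, where tcpdump can show them.
    case " $first " in
        *" log "*) echo "ok" ;;
        *) echo "default-block-not-logged" ;;
    esac
}

# Constructed sample output, not captured from a real host.
SAMPLE_INFO='Status: Disabled                              Debug: Urgent'
SAMPLE_RULES='block drop log all'
pf_diagnose "$SAMPLE_INFO" "$SAMPLE_RULES"    # prints: pf-disabled
```

When the result is `ok`, `tcpdump -n -e -i pflog0` shows which rule matched each logged packet.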