On 2008-12-02, Jay Torrini <[EMAIL PROTECTED]> wrote:
> In response to people who keep telling me to allow SMTP out: that has
> not and will not help since no outgoing packets are ever filtered.
>
> A quick check to pflog reveals many such lines:
>
> Dec 02 02:37:42.368333 rule 5/(match) block in on dc0: \
> 68.87.69.146.53 > 192.168.1.102.17175: 41421 NXDomain[|domain] (DF)
> Dec 02 02:37:55.356917 rule 5/(match) block in on dc0: \
> 68.87.78.130.53 > 192.168.1.102.2207: 41421 NXDomain[|domain] (DF)
> Dec 02 02:37:55.691202 rule 5/(match) block in on dc0: \
> 68.87.85.98.53 > 192.168.1.102.33981: 43339 0/1/0 (84) (DF) [tos 0x48]
> Dec 02 02:38:00.729462 rule 5/(match) block in on dc0: \
> 68.87.69.146.53 > 192.168.1.102.30325: 43339 0/1/0 (84) (DF)
> Dec 02 02:38:05.719205 rule 5/(match) block in on dc0: \
> 68.87.78.130.53 > 192.168.1.102.22741: 43339 0/1/0 (84) (DF)
>
>
> This is after opening udp 50 and 53.
>
> At the risk of being a broken record: I really just need to know what to
> let in since nothing is filtered going out.

You don't *pass* any outgoing packets either, so no state is created
to allow the return packets back.

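The diagnosis in the reply can be checked from the log itself. This is an added example, not part of the original thread: it parses the pflog lines quoted above and flags blocked inbound packets that look like replies to traffic the host initiated. The function names and the reply heuristic (server port 53 to a client port of 1024 or higher) are assumptions of this example.

```python
import re
from collections import Counter

# pflog lines copied from the post above (quote markers removed, "\" continuations kept).
SAMPLE = r"""
Dec 02 02:37:42.368333 rule 5/(match) block in on dc0: \
68.87.69.146.53 > 192.168.1.102.17175: 41421 NXDomain[|domain] (DF)
Dec 02 02:37:55.356917 rule 5/(match) block in on dc0: \
68.87.78.130.53 > 192.168.1.102.2207: 41421 NXDomain[|domain] (DF)
Dec 02 02:37:55.691202 rule 5/(match) block in on dc0: \
68.87.85.98.53 > 192.168.1.102.33981: 43339 0/1/0 (84) (DF) [tos 0x48]
Dec 02 02:38:00.729462 rule 5/(match) block in on dc0: \
68.87.69.146.53 > 192.168.1.102.30325: 43339 0/1/0 (84) (DF)
Dec 02 02:38:05.719205 rule 5/(match) block in on dc0: \
68.87.78.130.53 > 192.168.1.102.22741: 43339 0/1/0 (84) (DF)
"""

ENTRY = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>\w+) (?P<dir>in|out) on (?P<ifc>[^:\s]+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def parse_pflog(text):
    """Join backslash-continued lines, then yield one dict per IPv4 log entry."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    for line in joined.splitlines():
        m = ENTRY.search(line)
        if m:
            entry = m.groupdict()
            for key in ("rule", "sport", "dport"):
                entry[key] = int(entry[key])
            yield entry

def orphaned_replies(text, service_ports=(53,), min_client_port=1024):
    """Blocked inbound packets from a server port to a high client port.
    Heuristic (assumption): these answer queries the host sent, so a block
    here means no state entry existed for the outgoing query."""
    return [e for e in parse_pflog(text)
            if e["action"] == "block" and e["dir"] == "in"
            and e["sport"] in service_ports and e["dport"] >= min_client_port]

def summarize(text):
    """Count orphaned replies per (blocking rule number, server address)."""
    return Counter((e["rule"], e["src"]) for e in orphaned_replies(text))

if __name__ == "__main__":
    for (rule, server), n in sorted(summarize(SAMPLE).items()):
        print(f"rule {rule}: {n} blocked DNS replies from {server}")
```

Every entry in the quoted log matches the pattern, which is consistent with the reply: the answers arrive, but nothing on the outbound side created state for them.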