On Sun, 11 Dec 2011 22:57:12 -0500 Jim Seymour <jseym...@linxnet.com> wrote:
> On Sun, 11 Dec 2011 20:03:59 -0500 (EST)
> Wietse Venema <wie...@porcupine.org> wrote:
>
> > Wietse Venema:
> > > > bge1 @0:24 b <my_outside_ip>,25 -> 89.73.201.168,36545 PR
> > > > tcp len 20 40 -AR OUT
> > >
> > > Why are you blocking outbound TCP RST?
[snip]
>
> > -AR means the ACK and RST flags are set.
> > My question is why is your firewall blocking outbound ACK|RST?
>
> I'm using basically "canned" rulesets in my ipfilter setup. That is
> the default deny at the end of bge1's output filters.
>
> I must've messed-up, somewhere. I'll take a look in the morning.
[snip]

Looking at it with fresh eyes, fortified by a cup of coffee :), if I
messed-up, I'll be darned if I can see where. The firewall rules
related to this couldn't be more straight-forward:

    . . .
    pass out quick on bge1 proto tcp from any to any port = 25 keep state
    . . .
    block out log first quick on bge1 all

That's it.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering.
If you reply to this email and your email is rejected, please accept
my apologies and let me know via my web form at
<http://jimsun.LinxNet.com/contact/scform.php>.
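
Added example, not part of the original message and not ipfilter code: a simplified Python model that parses the quoted ipmon line and checks it against the two rules shown, to see which one the logged packet falls under. Assumptions: only the rule forms quoted above are understood, the elided rules are ignored, and the state table is reduced to a hypothetical `has_state` flag.

```python
import re

# ipmon line and the two rules exactly as quoted in the message above.
LOG = "bge1 @0:24 b <my_outside_ip>,25 -> 89.73.201.168,36545 PR tcp len 20 40 -AR OUT"
RULES = [
    "pass out quick on bge1 proto tcp from any to any port = 25 keep state",
    "block out log first quick on bge1 all",
]

def parse_log(line):
    """Extract interface, ports, protocol, TCP flags and direction from an ipmon line."""
    m = re.match(r"(\S+) @\d+:\d+ \S+ (\S+),(\d+) -> (\S+),(\d+) PR (\S+) "
                 r"len \d+ \d+ -(\S+) (IN|OUT)$", line)
    if not m:
        raise ValueError("unrecognised ipmon line")
    iface, src, sport, dst, dport, proto, flags, direction = m.groups()
    return {"iface": iface, "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": proto, "flags": flags,
            "dir": direction.lower()}

def rule_matches(rule, pkt):
    """Return the rule's action if it matches pkt, else None (only the quoted rule forms)."""
    m = re.match(r"(pass|block) (in|out) .*?on (\S+)(?: proto (\S+))?"
                 r"(?: from any to any(?: port = (\d+))?)?", rule)
    action, direction, iface, proto, dport = m.groups()
    if direction != pkt["dir"] or iface != pkt["iface"]:
        return None
    if proto and proto != pkt["proto"]:
        return None
    # "to any port = N" constrains the destination port, not the source port.
    if dport and int(dport) != pkt["dport"]:
        return None
    return action

def verdict(pkt, rules, has_state=False):
    """State table is consulted first; otherwise the first matching 'quick' rule decides."""
    if has_state:
        return ("pass", "state table")
    for rule in rules:
        action = rule_matches(rule, pkt)
        if action:
            return (action, rule)
    return (None, None)

if __name__ == "__main__":
    pkt = parse_log(LOG)
    print(pkt["sport"], "->", pkt["dport"], pkt["flags"], verdict(pkt, RULES))
```

The logged packet has source port 25 and destination port 36545, so in this model it can only pass via an existing state entry, which would have to come from a rule not shown in the message.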