current-users: ipf blocking traffic

Subject: ipf blocking traffic
To: None <current-users@netbsd.org>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: current-users
Date: 02/03/2005 17:22:07

Hi!

I'm having problems with ipf on NetBSD 2.0.1 (with ip_state rev 1.3
applied to disable broken oow checks). These kind of entries show
up in syslog:


Feb  3 16:56:51 xxx ipmon[349]: 16:56:51.069126 wm0 @0:5 b 
xxx[xxx.xxx.xxx.xxx],62968 -> xxx[xxx.xxx.xxx.xxx],imap PR tcp len 20 67 
-AP OUT
Feb  3 16:56:51 xxx ipmon[349]: 16:56:51.069138 wm0 @0:5 b 
xxx[xxx.xxx.xxx.xxx],62968 -> xxx[xxx.xxx.xxx.xxx],imap PR tcp len 20 52 
-AF OUT
Feb  3 16:56:52 xxx ipmon[349]: 16:56:52.060007 wm0 @0:5 b 
xxx[xxx.xxx.xxx.xxx],62968 -> xxx[xxx.xxx.xxx.xxx],imap PR tcp len 20 67 
-AFP OUT


Here's my ruleset for outgoing packets:

pass out quick on lo0 from any to any
pass out quick proto tcp from any to any flags S keep state keep frags
pass out quick proto udp from any to any keep state keep frags
pass out quick proto icmp from any to any icmp-type echo keep state
block out log quick all


Any ideas why these packets were blocked?

Martti