PF Issue with Blocking

[jperalta]

I'm currently running PF on FreeBSD 8.2-STABLE. My current PF rules look like...

block in
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) queue ( std_out, tcp_ack_out )
pass out on $ext_if inet proto { udp icmp } from ($ext_if)
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to port domain queue dns_out

pass in quick on $int_if no state
pass out on $int_if from $int_if to ($int_if:network)
pass out on $int_if proto { tcp udp } from port domain to ($int_if:network) queue dns_in
pass out on $int_if to 192.168.1.21 queue x360

When I add

block out on $int_if all

before the first pass out rule for $int_if none of my LAN computers can access either the server or the internet any longer.

Any help with this would be most appreciated. Thanks.

 

[SirDice]

There's no state for traffic that travels through the firewall.

 

[jperalta]

Awesome. Thanks.