Date:      Fri, 05 Oct 2007 17:05:57 +0200
From:      Peo Nilsson <per-olof.nilsson@comhem.se>
To:        FreeBSD quest-list <freebsd-questions@freebsd.org>
Subject:   Can't get pf to work
Message-ID:  <1191596757.1184.16.camel@zeus.se>

Dear list.

I'm trying to configure pf on FreeBSD 6.2-release
with no success. Is there anyone that has time and
can give me a clue for what I'm doing wrong?

This is what I have done:

1) /etc/rc.conf:
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup

2) /etc/pf.conf:
----------------------------------------------------------------------
...<snap>
# 1. Macros
lo = lo0	# loopback device
ext = nve0	# networkcard

# 2. Tables

# 3. Options
set block-policy drop
set optimization aggresive
set loginterface $ext

# 4. Packet normalization
scrub in on $ext all

# 5. Queueing.

# 6. Translation.

# 7. Filtering.
pass quick on $lo all		# Don't block loopback traffic
antispoof for { $lo, $ext }	# Antispoof
block in on $ext all 	  	# Block all incoming as default
block out on $ext all		# Block all outgoing as default

# Eof
...<snap>
-----------------------------------------------------------------

3) kldstat says:

 7    1 0xc4b1c000 3000     pflog.ko
 8    1 0xc4b26000 2d000    pf.ko



As far as I get it, I shouldn't be able to enter the internet as it is,
but nothing is blocked and I can check my mail and so on. What have I
missed?

-- 
/Peo
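
An added example, not part of the original message: `kldstat` only shows that the pf modules are loaded, so the checks below separate the states that would produce the reported symptom (ruleset rejected at parse time, pf not enabled, or no filter rules in the kernel). The function name `pf_state` and the `PFCTL`/`RULES` override variables are assumptions introduced here; the `pfctl` options used are `-n`, `-f`, `-s info` and `-s rules`.

```sh
#!/bin/sh
# Added example: tell "pf.ko is loaded" apart from "the ruleset is in force".
# PFCTL and RULES are hypothetical override knobs so the logic can be
# exercised without root; by default they point at the real tool and file.
PFCTL=${PFCTL:-pfctl}
RULES=${RULES:-/etc/pf.conf}

# Prints exactly one verdict word:
#   parse-error  pfctl rejects the rules file, so nothing from it is loaded
#   disabled     the file parses, but pf itself is not enabled
#   no-rules     pf is enabled, but no pass/block rules are in the kernel
#   active       pf is enabled and filter rules are loaded
pf_state() {
    # -n parses the file without loading it; any syntax error fails here.
    if ! "$PFCTL" -n -f "$RULES" >/dev/null 2>&1; then
        echo parse-error
        return 0
    fi

    # "pfctl -s info" begins with "Status: Enabled ..." or "Status: Disabled ...".
    if ! "$PFCTL" -s info 2>/dev/null | grep -q '^Status: Enabled'; then
        echo disabled
        return 0
    fi

    # Count the filter rules currently loaded (antispoof expands to block rules).
    n=$("$PFCTL" -s rules 2>/dev/null | grep -cE '^(pass|block)' || true)
    if [ "${n:-0}" -eq 0 ]; then
        echo no-rules
    else
        echo active
    fi
    return 0
}

# Typical call, as root on the firewall host:
#   pf_state
```

On a `parse-error` verdict, running `pfctl -n -f /etc/pf.conf` by hand prints the file name and line number of the rejected statement.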
