Date: Fri, 4 Sep 2009 08:59:30 -0800
From: Henrik Hudson
To: freebsd-current@freebsd.org
Message-ID: <20090904165930.GA4160@alucard.int.rhavenn.net>
Subject: PF rules not loading

Hey List,

I just finished supping to 8-BETA3 and after a reboot I noticed that my PF rules weren't loading and hence NAT wasn't working for internal clients, not to mention no firewall :)

This might not be specific to BETA3, but it's the first time I noticed it concretely. I did have a power outage last week where after a power-on I had to run pfctl -f /etc/pf.conf to get NAT working again. This was under BETA2.

uname:
FreeBSD cerberus.domain.local 8.0-BETA3 FreeBSD 8.0-BETA3 #1: Fri Sep 4 02:35:38 AKDT 2009 root@cerberus.domain.local:/usr/obj/usr/src/sys/CERBERUS amd64

The kernel is 99% stock with the only changes being the IDENT and adding PF and ALTQ specific items.

rc.conf:
#firewall -pf
pf_enable="YES"                  # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"          # rules definition file for pf
pf_program="/sbin/pfctl"         # where the pfctl program lives
pf_flags=""                      # additional flags for pfctl
pflog_enable="YES"               # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"   # where pflogd should store the logfile
pflog_program="/sbin/pflogd"     # where the pflogd program lives
pflog_flags=""                   # additional flags for pflogd
pfsync_enable="NO"               # Expose pf state to other hosts for syncing
pfsync_syncdev=""                # Interface for pfsync to work through
pfsync_ifconfig=""               # Additional options to ifconfig(8) for pfsync

Manually running /etc/rc.d/pf start works fine and doesn't show any errors.

Any further steps to troubleshoot this / check this?

Hardware is an Atom-based mobo with the onboard re0 and then an xl0 PCI card. re0 is internal facing and the xl0 is a DHCP external from my ISP.

Henrik

--
Henrik Hudson
lists@rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF