Date: Fri, 4 Sep 2009 12:34:39 -0800
From: Henrik Hudson
To: freebsd-current@freebsd.org
Subject: Re: PF rules not loading

On Fri, 04 Sep 2009, Collin Kreklow wrote:

> On Fri, Sep 04, 2009 at 08:59:30AM -0800, Henrik Hudson wrote:
> > Hey List,
> >
> > I just finished supping to 8-BETA3 and after a reboot I noticed
> > that my PF rules weren't loading and hence NAT wasn't working for
> > internal clients, not to mention no firewall :)
> >
> > This might not be specific to BETA3, but it's the first time I
> > noticed it concretely. I did have a power outage last week where
> > after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working
> > again. This was under BETA2.
>
> At the time when the pf script runs during boot, all the network
> interfaces may not be fully configured. It is likely that your pf.conf
> includes rules that pf can't calculate because one or more network
> interfaces are not yet configured. I had to change my pf.conf to
> hard-code the IP ranges instead of using :network to get my rules to
> load on boot. Also make sure your script is using (xl0) where
> appropriate.

It's possible. However, I'm pretty sure the ruleset worked correctly
on the initial install and it's a ruleset I've used on plenty of
different gateway servers with a similar hardware setup.

However, I did just finish building another 8-BETA3 x64 box and it
works fine, so maybe something fluky is going on with the server
crash due to the power outage. I will investigate further.

Thanks.

Henrik
--
Henrik Hudson
lists@rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF
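
Added example, not part of the original message or of either poster's ruleset: a pf.conf fragment showing the two changes suggested in the quoted reply, parenthesised interface names and a hard-coded range in place of `:network`. The roles of `xl0` (external) and `fxp0` (internal) and the 192.168.1.0/24 range are assumptions made for illustration.

```conf
# Constructed example. Assumptions: xl0 is the external interface,
# fxp0 the internal one, and 192.168.1.0/24 the internal network.
ext_if = "xl0"
int_if = "fxp0"

# Fragile at boot (shown commented out): $ext_if and $int_if:network are
# translated to addresses once, when the ruleset is loaded. If an interface
# has no address yet, pfctl cannot resolve them and the ruleset can fail
# to load, leaving the host with no NAT and no filtering.
#
#   nat on $ext_if from $int_if:network to any -> $ext_if
#   pass in on $int_if from $int_if:network to any keep state

# Option 1: parentheses tell pf to look up the interface's address at
# run time and to follow later changes, so the rules load even when the
# interface is not configured yet.
nat on $ext_if from ($int_if:network) to any -> ($ext_if)
pass in on $int_if from ($int_if:network) to any keep state

# Option 2 (shown commented out): hard-code the internal range so nothing
# about the internal interface has to be resolved at load time.
#
#   int_net = "192.168.1.0/24"
#   nat on $ext_if from $int_net to any -> ($ext_if)
#   pass in on $int_if from $int_net to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which shows whether the ruleset is syntactically valid before the next reboot.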