From owner-freebsd-current@FreeBSD.ORG Fri Sep 4 20:52:22 2009
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD39D1065670 for ; Fri, 4 Sep 2009 20:52:22 +0000 (UTC) (envelope-from lists@rhavenn.net)
Received: from smtp194.dfw.emailsrvr.com (smtp194.dfw.emailsrvr.com [67.192.241.194]) by mx1.freebsd.org (Postfix) with ESMTP id 7D9938FC08 for ; Fri, 4 Sep 2009 20:52:22 +0000 (UTC)
Received: from relay9.relay.dfw.mlsrvr.com (localhost [127.0.0.1]) by relay9.relay.dfw.mlsrvr.com (SMTP Server) with ESMTP id 187DA13D331A for ; Fri, 4 Sep 2009 16:52:22 -0400 (EDT)
Received: by relay9.relay.dfw.mlsrvr.com (Authenticated sender: rhavenn-AT-rhavenn.net) with ESMTPSA id F139113D32C1 for ; Fri, 4 Sep 2009 16:52:21 -0400 (EDT)
Received: by alucard.int.rhavenn.net (Postfix, from userid 1000) id BB81511428D; Fri, 4 Sep 2009 12:52:20 -0800 (AKDT)
Date: Fri, 4 Sep 2009 12:52:20 -0800
From: Henrik Hudson
To: freebsd-current@freebsd.org
Message-ID: <20090904205220.GA6647@alucard.int.rhavenn.net>
References: <20090904165930.GA4160@alucard.int.rhavenn.net> <20090904201132.GA17378@srv.home.kreklow.us> <20090904203439.GA6431@alucard.int.rhavenn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090904203439.GA6431@alucard.int.rhavenn.net>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: PF rules not loading
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 04 Sep 2009 20:52:22 -0000

On Fri, 04 Sep 2009, Henrik Hudson wrote:
> On Fri, 04 Sep 2009, Collin Kreklow wrote:
>
> > On Fri, Sep 04, 2009 at 08:59:30AM -0800, Henrik Hudson wrote:
> > > Hey List,
> > >
> > > I just finished supping to 8-BETA3 and after a reboot I noticed
> > > that my PF rules weren't loading and hence NAT wasn't working for
> > > internal clients, not to mention no firewall :)
> > >
> > > This might not be specific to BETA3, but it's the first time I
> > > noticed it concretely. I did have a power outage last week where
> > > after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working
> > > again. This was under BETA2.
> >
> > At the time when the pf script runs during boot, all the network
> > interfaces may not be fully configured. It is likely that your pf.conf
> > includes rules that pf can't calculate because one or more network
> > interfaces are not yet configured. I had to change my pf.conf to
> > hard-code the IP ranges instead of using :network to get my rules to
> > load on boot. Also make sure your script is using (xl0) where
> > appropriate.
>
> It's possible. However, I'm pretty sure the ruleset worked correctly
> on the initial install and it's a ruleset I've used on plenty of
> different gateway servers with a similar hardware setup.
>
> However, I did just finish building another 8-BETA3 x64 box and it
> works fine, so maybe something fluky is going on with the server
> crash due to the power outage.
>
> I will investigate further. Thanks.

*ding* *ding* we have a winner. I had added a rule which required a DNS
lookup for port forwarding in torrent traffic to an internal host.

Thanks.

Henrik

--
Henrik Hudson
lists@rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF
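The two boot-time failure modes named in this thread, a rule that needs a DNS lookup (Henrik's finding) and a rule built on an interface address that is not yet assigned when the pf rc script runs (Collin's :network case), side by side with the forms that load regardless of network state. This is an added /etc/pf.conf example, not a ruleset posted by anyone in the thread. The interface name xl0 comes from Collin's message; the internal interface fxp0, the hostname, the addresses and the port are constructed placeholders.

```pf
# /etc/pf.conf fragment (added example, not from the thread).
# xl0 is the external interface named in the thread; everything else is
# a constructed placeholder for illustration.
ext_if = "xl0"
int_if = "fxp0"                     # assumed internal interface name

# --- fragile: evaluated once, at load time -----------------------------
# A hostname makes pfctl resolve it while the ruleset is being parsed.
# If resolution fails (DNS not reachable yet at boot), pfctl aborts the
# whole load and the box comes up with no ruleset: no NAT, no filtering.
# rdr on $ext_if proto tcp from any to any port 6881 -> torrent.internal.example
#
# :network expands to the interface's subnet as it is at load time, so it
# is undefined when rc.d/pf runs before the interface has its address.
# nat on $ext_if from $int_if:network to any -> $ext_if

# --- robust: nothing to resolve or expand at load time ------------------
int_net = "192.168.1.0/24"          # constructed: hard-coded LAN range
torrent_host = "192.168.1.10"       # constructed: literal address instead of a hostname

# A parenthesised interface is re-read every time the rule is evaluated,
# so an address assigned after the rules loaded (DHCP, late ifconfig) is
# picked up without reloading the ruleset.
nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 6881 -> $torrent_host

block in on $ext_if
pass out on $ext_if keep state
pass in on $ext_if proto tcp from any to $torrent_host port 6881 keep state
```

Because pfctl treats any rule it cannot evaluate as a fatal error for the entire file, a single hostname or empty :network macro leaves the gateway unfiltered after a reboot, which is exactly what the thread describes. Checking a candidate ruleset with `pfctl -nf /etc/pf.conf` parses and resolves it without loading, so the failure shows up at the console rather than at the next power cycle; it only reproduces the boot-time problem if DNS or the interface address is unavailable when you run it.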