From: Peo Nilsson
To: FreeBSD quest-list
Date: Fri, 05 Oct 2007 17:05:57 +0200
Subject: Can't get pf to work

Dear list.

I'm trying to configure pf on FreeBSD 6.2-release with no success.
Is there anyone that has time and can give me a clue for what I'm
doing wrong?

This is what I have done:

1) /etc/rc.conf:

pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup

2) /etc/pf.conf:

----------------------------------------------------------------------
...
# 1. Macros
lo = lo0     # loopback device
ext = nve0   # networkcard

# 2. Tables

# 3. Options
set block-policy drop
set optimization aggresive
set loginterface $ext

# 4. Packet normalization
scrub in on $ext all

# 5. Queueing.

# 6. Translation.

# 7. Filtering.
pass quick on $lo all           # Don't block loopback traffic
antispoof for { $lo, $ext }     # Antispoof
block in on $ext all            # Block all incoming as default
block out on $ext all           # Block all outgoing as default

# Eof
...
----------------------------------------------------------------------

3) kldstat says:

 7    1 0xc4b1c000 3000     pflog.ko
 8    1 0xc4b26000 2d000    pf.ko

As far as I get it, I shouldn't be able to enter the internet as it is,
but nothing is blocked and I can check my mail and so.

What have I missed?

--
/Peo