From owner-freebsd-pf@FreeBSD.ORG Sat Feb 10 21:36:19 2007
From: "Dan Langille" <dan@langille.org>
To: freebsd-pf@freebsd.org
Date: Sat, 10 Feb 2007 16:05:44 -0500
Message-ID: <45CDED58.2056.1A642A00@dan.langille.org>
Subject: pf starts, but no rules

Hi folks,

Yesterday I rebooted a server to load a new kernel. After the reboot,
the firewall rules were not loaded.

$ grep pf /etc/rc.conf
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.rules"

I never checked for the rules until today and found this:

[dan@nyi:~] $ sudo pfctl -sa | less
Password:
No ALTQ support in kernel
ALTQ related functions disabled
FILTER RULES:

INFO:
Status: Enabled for 0 days 19:59:39           Debug: None
Hostid: 0x36eae8cf

State Table                          Total             Rate
  current entries                        0
  searches                         5515422           76.6/s
etc...

Loading the rules manually works:

[dan@nyi:~] $ sudo pfctl -f /etc/pf.rules
No ALTQ support in kernel
ALTQ related functions disabled
[dan@nyi:~] $

After loading, pfctl -sa shows the output I would expect.

Ideas? Suggestions? Is anyone else using PF with a pf_rules specified?

FWIW, I notice I have one host identified by FQDN in my rules.

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/
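The FQDN Dan mentions is the detail worth checking: pfctl resolves hostnames in a ruleset once, when the file is loaded, so a name that cannot be resolved at boot (DNS not yet reachable) makes the whole load fail and pf comes up enabled with an empty ruleset, which is exactly the symptom above. The check below is an added example, not code from the mail or from FreeBSD; it scans a pf rules file for address tokens that look like hostnames so they can be replaced with literal addresses or a table before the next reboot. The rules it runs against are a constructed sample, and the keyword list after `from`/`to` is a practical subset of pf.conf grammar, not the full one.

```shell
#!/bin/sh
# Constructed sample ruleset; only the address positions matter here.
SAMPLE_RULES='ext_if="em0"
# ssh from the office host, named by FQDN (resolved when the file is loaded)
pass in on $ext_if proto tcp from office.example.org to ($ext_if) port 22
pass in on $ext_if proto tcp from { 192.0.2.10, backup.example.org } to any port 5432
block in on $ext_if from <badhosts> to any
pass out on $ext_if from 198.51.100.0/24 to any'

# Print, one per line, every token in a from/to address position that looks
# like a hostname (letters plus at least one dot). Macros ($x), interface
# groups ((x)), tables (<x>), CIDR blocks and plain IPs are left out.
pf_rules_hostnames() {
    sed 's/#.*//' "$1" |
    tr '{},' '   ' |
    awk '{
        collecting = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "from" || $i == "to") { collecting = 1; continue }
            # a keyword ends the address list that follows from/to
            if ($i ~ /^(any|port|os|flags|keep|modulate|synproxy|label|tag|tagged|queue|user|group|no|state|->)$/) {
                collecting = 0; continue
            }
            if (collecting) print $i
        }
    }' |
    grep -E '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' |
    grep '[A-Za-z]' |
    sort -u
}

# Exit status 1 when hostnames are present, so the check can gate a reboot.
pf_rules_check() {
    found=$(pf_rules_hostnames "$1")
    if [ -n "$found" ]; then
        printf 'hostnames resolved at load time in %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample (real use: /etc/pf.rules).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$tmp"
pf_rules_check "$tmp" || true
rm -f "$tmp"
```

On the sample it reports office.example.org and backup.example.org; `pfctl -nf /etc/pf.rules` still parses the file, but cannot tell you whether the same names will resolve during the boot sequence.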