Date: Sat, 10 Feb 2007 13:53:28 -0800
From: "Kian Mohageri" <kian.mohageri@gmail.com>
To: "Dan Langille" <dan@langille.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf starts, but no rules
Message-ID: <fee88ee40702101353x55c51096ve580f04926836777@mail.gmail.com>
In-Reply-To: <45CDED58.2056.1A642A00@dan.langille.org>
References: <45CDED58.2056.1A642A00@dan.langille.org>
On 2/10/07, Dan Langille <dan@langille.org> wrote:
>
> Hi folks,
>
> Yesterday I rebooted a server to load a new kernel. After the
> reboot, the firewall rules were not loaded.
>
> $ grep pf /etc/rc.conf
> pf_enable="YES"
> pflog_enable="YES"
> pf_rules="/etc/pf.rules"
>
> I never checked for the rules until today and found this:
>
> [dan@nyi:~] $ sudo pfctl -sa | less
> Password:
> No ALTQ support in kernel
> ALTQ related functions disabled
> FILTER RULES:
>
> INFO:
> Status: Enabled for 0 days 19:59:39           Debug: None
>
> Hostid: 0x36eae8cf
>
> State Table                          Total             Rate
>   current entries                        0
>   searches                         5515422           76.6/s
>
> etc...
>
> Loading the rules manually works:
>
> [dan@nyi:~] $ sudo pfctl -f /etc/pf.rules
> No ALTQ support in kernel
> ALTQ related functions disabled
> [dan@nyi:~] $
>
> After loading, pfctl -sa shows the output I would expect.
>
> Ideas? Suggestions?
>
> Is anyone else using PF with a pf_rules specified?
>
> FWIW, I notice I have one host identified by FQDN in my rules.

I had this problem as well, and it is because at the time the pf rules
are loaded, the FQDN cannot be resolved. I believe that is because of
the "BEFORE: routing" dependency in /etc/rc.d/pf.

-- 
Kian Mohageri
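A small pre-boot check for the failure mode discussed in this thread, added here as an example and not part of the original exchange or of FreeBSD's rc scripts: it scans a pf rules file for bare hostnames in "from"/"to" positions, since a name that cannot be resolved when /etc/rc.d/pf runs makes pfctl reject the whole ruleset and the box comes up with no rules. The sample rules file and the helper names (make_sample_rules, find_hostnames, count_hostnames) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag hostnames in a pf rules file before they bite at boot.
# Not from the thread; the sample ruleset below is constructed.

# Write a constructed sample ruleset to the path given in $1.
# The quoted heredoc delimiter keeps $ext_if literal for pf's macro syntax.
make_sample_rules() {
  cat > "$1" <<'EOF'
ext_if = "em0"
table <admins> { 192.0.2.10, 192.0.2.11 }
block in on $ext_if
pass in on $ext_if proto tcp from admin.example.com to ($ext_if) port 22
pass in on $ext_if proto tcp from 198.51.100.7 to ($ext_if) port 80
pass out on $ext_if
EOF
}

# Print "file:line: token" for every address operand of "from"/"to" that
# looks like a DNS name: dotted, contains a letter, and is not a macro
# ($name), table (<name>), interface (ifname or (ifname)) or IP literal.
find_hostnames() {
  awk '
  {
    for (i = 1; i < NF; i++) {
      if ($i == "from" || $i == "to") {
        tok = $(i + 1)
        sub(/^!/, "", tok)                       # strip negation
        if (tok ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/ && tok !~ /^[0-9.]+$/)
          print FILENAME ":" NR ": " tok
      }
    }
  }' "$1"
}

# Number of offending tokens; 0 means the ruleset loads without DNS.
count_hostnames() {
  find_hostnames "$1" | wc -l | tr -d ' '
}

# Stand-alone run: build the sample, report, and exit non-zero if any found.
if [ "${0##*/}" != "sh" ] && [ -z "${PF_CHECK_NO_MAIN:-}" ]; then
  rules="${1:-$(mktemp)}"
  [ -s "$rules" ] || make_sample_rules "$rules"
  find_hostnames "$rules"
  n=$(count_hostnames "$rules")
  echo "hostnames found: $n"
  [ "$n" -eq 0 ]
fi
```

Run it against a real file with `sh check-pf-names.sh /etc/pf.rules`; with no argument it checks the constructed sample and reports the one FQDN on line 4. Names it reports should be replaced by literal addresses, or moved into a table that is populated once the network is up (for example by a later rc script or cron job using `pfctl -t <table> -T replace`), so the rule load at boot never depends on DNS.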