From: Leslie Jensen <leslie@eskk.nu>
To: freebsd-pf@freebsd.org
Date: Wed, 09 Jul 2008 20:29:21 +0200
Subject: New pf install on Freebsd7 seems to be a slow starter.
Message-ID: <48750381.1030004@eskk.nu>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hello

When I boot the machine where pf is installed, everything I can see looks ok.
It's hard to read the text scrolling on the screen, and the information concerning pf is not to be found in /var/log/messages.

Anyway, I have one PC on the inside and it takes some time before it's able to reach the outside world. I can speed up the process by making a change to pf.conf and then using the command pfctl -f /etc/pf.conf.

Another thing I see is that if, for example, I add log (all) to one of my filters and do pfctl -f /etc/pf.conf, then later remove it again and do pfctl -f /etc/pf.conf, the output from tcpdump -n -e -ttt -i pflog0 still shows packets as if it had not refreshed and still had the "log (all)" active.

I know my problem is a little bit unclear, but I hope someone will help me solve this behaviour in the right way.

Thanks
/Leslie

----------- My pf.conf --------------------
# macros
int_if="xl0"
ext_if="bfe0"
tcp_services="{ 22 }"
tcp_priv_services="{ 389, 443 }"
icmp_types="echoreq"

# tables
# (the <name> of this table, and its use in the "goodguys" pass rule below,
#  did not survive the archive rendering; pf requires "table <name> { ... }")
table { something.somewhere.com, somethingelse.somewhere.com, xxx.yyy.zzz.qqq }

# options
set block-policy return
set loginterface $ext_if
set skip on lo0

# scrub
scrub in

# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from !($ext_if) to any -> ($ext_if)

# filter rules
block in log (all) on $ext_if
pass out keep state

# Let the goodguys access the machine from the outside
pass in on $ext_if inet proto tcp from to ($ext_if) \
    port $tcp_services flags S/SA keep state

# ICMP traffic needs to be passed:
pass inet proto icmp all icmp-type $icmp_types keep state

# traffic must be passed to and from the internal network
pass in quick on $int_if
--------------------------------------------
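The second symptom in the post (pflog0 still showing "log (all)" traffic after the option was removed and the ruleset reloaded) has a well-known cause: pfctl -f replaces the ruleset but does not touch the state table, and a state created by a pass rule carrying log (all) keeps that rule's log flag, so every packet matching that state keeps reaching pflog0 until the state expires or is flushed. The block in log (all) rule on $ext_if, of course, continues to log every blocked inbound packet regardless. The script below is an added example, not code from the original post or from the pf project: it parses the text that tcpdump -n -e -ttt -i pflog0 prints (the header format is taken from tcpdump's print-pflog.c), tallies records per rule number, and picks out passed packets that are attributed to a rule number not in the set you tell it currently carries log on a pass rule. The sample log lines, the addresses and the rule numbers are constructed for the example.

```python
"""Triage pflog0 output after a pf ruleset reload (added example).

Parses the pflog header tcpdump prints with -e:
    rule <nr>/<subnr>(<reason>): <action> <dir> on <iface>: <src> > <dst>: ...
and reports which rule numbers are still producing log records.
"""
import re
from collections import Counter

# Leading -ttt timestamp and everything after "src > dst:" are captured
# loosely; only the pflog header fields are parsed strictly.
PFLOG_RE = re.compile(
    r"rule (?P<rulenr>[\w.]+)/(?P<subrulenr>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+):(?P<rest>.*)$"
)


def _split_hostport(token, rest):
    """Split tcpdump's 'host.port' form; ICMP records carry no port."""
    if "ICMP" in rest:
        return token, None
    host, _, port = token.rpartition(".")
    return host, port


def parse_line(line):
    """Return a dict for one pflog record, or None for non-pflog lines."""
    m = PFLOG_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    if "ICMP" in rest:
        proto = "icmp"
    elif "UDP" in rest:
        proto = "udp"
    else:
        proto = "tcp"  # assumption: remaining records show TCP flags
    return {
        "rulenr": m.group("rulenr"),
        "reason": m.group("reason"),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "iface": m.group("iface"),
        "proto": proto,
        "src": _split_hostport(m.group("src"), rest),
        "dst": _split_hostport(m.group("dst"), rest),
    }


def parse_pflog(text):
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def summarize(entries):
    """Count records per (rule number, action, direction, interface)."""
    return Counter((e["rulenr"], e["action"], e["dir"], e["iface"]) for e in entries)


def stale_state_entries(entries, logging_pass_rules):
    """Passed packets logged under a rule number that no longer has log on a pass rule.

    Such records come from states created before the reload (the state keeps
    the old rule's log flag); they stop once the state expires or is flushed.
    Note that rule numbers are renumbered on reload, so a number in
    logging_pass_rules may coincide with an unrelated old rule.
    """
    return [e for e in entries
            if e["action"] == "pass" and e["rulenr"] not in logging_pass_rules]


# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output. Rule 0 stands
# for `block in log (all) on $ext_if`; rule 2 is a pass rule that had
# `log (all)` before the reload but not after; rule 3 still logs.
SAMPLE_PFLOG = """\
 00:00:00.000000 rule 0/0(match): block in on bfe0: 203.0.113.7.53127 > 195.216.40.164.23: Flags [S], seq 1, win 65535, length 0
 00:00:00.214000 rule 2/0(match): pass in on bfe0: 203.0.113.9.40001 > 195.216.40.164.22: Flags [S], seq 10, win 65535, length 0
 00:00:00.002100 rule 2/0(match): pass in on bfe0: 203.0.113.9.40001 > 195.216.40.164.22: Flags [.], ack 1, win 65535, length 0
 00:00:00.000900 rule 2/0(match): pass in on bfe0: 203.0.113.9.40001 > 195.216.40.164.22: Flags [P.], seq 1:45, ack 1, win 65535, length 44
 00:00:01.500000 rule 0/0(match): block in on bfe0: 198.51.100.4 > 195.216.40.164: ICMP echo request, id 1, seq 1, length 64
 00:00:00.300000 rule 3/0(match): pass out on bfe0: 195.216.40.164.51000 > 203.0.113.20.443: Flags [S], seq 7, win 65535, length 0
"""

if __name__ == "__main__":
    entries = parse_pflog(SAMPLE_PFLOG)
    for key, n in sorted(summarize(entries).items()):
        print("rule %s %s %s on %s: %d record(s)" % (key + (n,)))
    # Rule numbers that carry `log` on a pass rule in the ruleset loaded now.
    for e in stale_state_entries(entries, logging_pass_rules={"3"}):
        print("stale state still logging:", e["proto"], e["src"], "->", e["dst"],
              "rule", e["rulenr"])
```

Feed it real output with `tcpdump -n -e -ttt -i pflog0 | python3 pflog_triage.py` after changing `__main__` to read stdin, and pass the rule numbers from `pfctl -sr -vv` that still show `log`. If the passed packets it flags belong to connections that were open before the reload, `pfctl -s states` will show those states; `pfctl -F states` clears them (and drops the connections), or they age out on their own.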