From: Pat Maddox
To: freebsd-pf@freebsd.org
Date: Thu, 31 Mar 2005 15:54:22 -0700
Message-ID: <810a540e0503311454589ae1cc@mail.gmail.com>
Subject: Problem with PF

I just got a new server with FreeBSD 5.3 installed, tried to set up PF, and am getting an error when I try to parse the file. I updated to patch release 6, hoping that might solve things, but I still get the error.

Here's the error itself:

pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor

And now for pf.conf:

# ------- pf.conf skeleton for server
#
# --------------- MACRO Section -----------------
EXT_IF="rl0"
PING = "echoreq"

# --- allowed incoming services initiated by clients
TCP_IN = "{ ssh }"
#UDP_IN = "{ }"

# --- allowed services initiated by server
TCP_OUT = "{ ssh, ftp, http, ntp, 5999 }"
UDP_OUT = "{ domain, ntp }"

# ------------------ TABLE Section --------------

# ------------------ OPTIONS Section
set loginterface $EXT_IF

# --------- TRAFFIC NORMALIZATION ----------------
scrub in all

# ---------- TRANSLATION Section (NAT/RDR)

# ---------- FILTER section

# --- DEFAULT POLICY
block log all

# --- LOOPBACK
pass quick on lo0 all

# ======================= INCOMING ================
# ----------- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port $TCP_IN flags S/SA keep state
# --- UDP
#pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port $UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type $PING keep state

# ======================= OUTGOING ================
# ----------- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port $TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port $UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any icmp-type $PING keep state

# ----------------- end of pf.conf