Date:      Mon, 3 Nov 2014 14:11:57 -0800
From:      Doug Hardie <bc979@lafn.org>
To:        Dave Horsfall <dave@horsfall.org>
Cc:        FreeBSD PF List <freebsd-pf@freebsd.org>
Subject:   Re: Getting tables to work in PF
Message-ID:  <BD387CA3-84BE-4BA1-8943-BD77539D8E08@lafn.org>
In-Reply-To: <alpine.BSF.2.00.1411032123560.1220@aneurin.horsfall.org>
References:  <alpine.BSF.2.00.1411031433070.1220@aneurin.horsfall.org> <CAPBZQG2b7=iiGLsj-vtuiaWRUJ-Gk6n9JwCXxVjCMeVEqsuing@mail.gmail.com> <alpine.BSF.2.00.1411032002560.1220@aneurin.horsfall.org> <CAPBZQG2DKNGSGRNu8%2BMAdEtyH5vj85dpxRUY2kMwDOZ44f7PJA@mail.gmail.com> <alpine.BSF.2.00.1411032123560.1220@aneurin.horsfall.org>



> On 3 November 2014, at 02:40, Dave Horsfall <dave@horsfall.org> wrote:
> 
> On Mon, 3 Nov 2014, Ermal Luçi wrote:
> 
>> - Full ruleset if you can disclose
> 
> As attached - no secrets in it.  It's somewhat loose because it's behind 
> another firewall (the ADSL modem) that just lets SMTP/HTTP/SSH-secret-port 
> through to it (I've masked the SSH port).
> 
>> - Make sure with output of pfctl -s all that pf is actually enabled to 
>> do filtering on packets.
> 
> Attached; the empty "FILTER RULES" looks a bit suspicious...
> 
>> NOTE: You enable pf by running pfctl -e
> 
> I know; I was using "service pf restart" as well.

What happens when you run:  pfctl -f /etc/pf.conf

I suspect you have something in /etc/rc.conf giving a different file for the default pf config file.  Your pf.conf file has a bunch of rules, none of which are shown in the pfctl output.
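
The check suggested in this reply, as an added example that is not part of the original message: it resolves which ruleset file `pf_rules` in rc.conf points at, syntax-checks that file, and counts the filter rules actually loaded. The function name `effective_pf_rules` is hypothetical, and the rc.conf paths are the standard FreeBSD locations, assumed here rather than taken from the thread.

```shell
#!/bin/sh
# Added example: find the ruleset file the rc system loads for pf and
# compare it with what the kernel currently holds.

# Print the effective pf_rules value from the rc.conf-style files given
# as arguments. Later files and later lines win, as when rc sources them
# in order. Falls back to the FreeBSD default, /etc/pf.conf.
effective_pf_rules() {
    epr_result=/etc/pf.conf
    for epr_file in "$@"; do
        [ -r "$epr_file" ] || continue
        # Take the last pf_rules= assignment, drop a trailing comment,
        # then drop surrounding quotes.
        epr_val=$(sed -n 's/^[[:space:]]*pf_rules=//p' "$epr_file" \
            | tail -n 1 \
            | sed 's/[[:space:]]*#.*$//' \
            | tr -d "\"'")
        if [ -n "$epr_val" ]; then
            epr_result=$epr_val
        fi
    done
    printf '%s\n' "$epr_result"
}

# Only run the live checks on a host that actually has pfctl (needs root).
if command -v pfctl >/dev/null 2>&1; then
    conf=$(effective_pf_rules /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local)
    echo "rc.conf points pf at: $conf"
    if [ "$conf" != "/etc/pf.conf" ]; then
        echo "note: 'service pf restart' loads $conf, not /etc/pf.conf"
    fi

    # -n parses the file without loading it, so syntax errors show up
    # without touching the running ruleset.
    if pfctl -nf "$conf"; then
        echo "syntax OK: $conf"
    else
        echo "syntax error in $conf: nothing from it will load"
    fi

    # Count filter rules currently in the kernel; 0 matches the empty
    # "FILTER RULES" section seen in 'pfctl -s all'.
    loaded=$(pfctl -sr 2>/dev/null | grep -c . || true)
    echo "filter rules currently loaded: $loaded"
fi
```

On FreeBSD, `sysrc -n pf_rules` reports the same effective value without hand-parsing the files.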
