From: Doug Hardie
To: Dave Horsfall
Cc: FreeBSD PF List
Subject: Re: Getting tables to work in PF
Date: Mon, 3 Nov 2014 14:11:57 -0800
List-Id: "Technical discussion and general questions about packet filter (pf)"

> On 3 November 2014, at 02:40, Dave Horsfall wrote:
>
> On Mon, 3 Nov 2014, Ermal Luçi wrote:
>
>> - Full ruleset if you can disclose
>
> As attached - no secrets in it. It's somewhat loose because it's behind
> another firewall (the ADSL modem) that just lets SMTP/HTTP/SSH-secret-port
> through to it (I've masked the SSH port).
>
>> - Make sure with output of pfctl -s all that pf is actually enabled to
>> do filtering on packets.
>
> Attached; the empty "FILTER RULES" looks a bit suspicious...
>
>> NOTE: You enable pf by running pfctl -e
>
> I know; I was using "service pf restart" as well.

What happens when you run:

pfctl -f /etc/pf.conf

I suspect you have something in /etc/rc.conf giving a different file for the default pf config file. Your pf.conf file has a bunch of rules, none of which are shown in the pfctl output.
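The check Doug suggests, as an added example that is not part of the original thread: a small POSIX sh script that reads the rc.conf variables FreeBSD's rc(8) uses for pf (pf_enable and pf_rules; the defaults in /etc/defaults/rc.conf are "NO" and /etc/pf.conf) to work out which ruleset file "service pf restart" actually loads, then lists the pfctl commands to confirm it. The sample rc.conf is constructed for the demonstration; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread). Determine which ruleset
# FreeBSD's rc(8) hands to pf at boot, using the stock rc.conf variables
# pf_enable and pf_rules (defaults: pf_enable="NO", pf_rules="/etc/pf.conf").

# Print the last value assigned to a variable in an rc.conf file.
# rc.conf is a shell fragment, so both name=value and name="value" occur
# and a later assignment overrides an earlier one; keep the last match,
# then drop a trailing comment and surrounding quotes.
rcconf_get() {
    # $1 = variable name, $2 = rc.conf path
    sed -n "s/^[[:space:]]*$1=//p" "$2" \
      | tail -n 1 \
      | sed -e 's/[[:space:]]*#.*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

# Ruleset file pf will load at boot: pf_rules if set, else /etc/pf.conf.
effective_pf_rules() {
    _r=$(rcconf_get pf_rules "$1")
    if [ -n "$_r" ]; then
        printf '%s\n' "$_r"
    else
        printf '%s\n' /etc/pf.conf
    fi
}

# Exit 0 if pf_enable is one of the values rc.subr's checkyesno accepts.
pf_enabled() {
    case "$(rcconf_get pf_enable "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|on|1) return 0 ;;
        *)             return 1 ;;
    esac
}

# Print the pfctl checks for the ruleset rc.conf selects. pfctl itself is
# not run here, so the script is safe to try on any host.
pf_diagnose() {
    _rules=$(effective_pf_rules "$1")
    if pf_enabled "$1"; then
        echo "pf_enable is set in $1; boot-time ruleset: $_rules"
    else
        echo "pf_enable is not YES in $1; 'service pf restart' will refuse to start pf"
    fi
    echo "Suggested checks:"
    echo "  pfctl -nf $_rules   # parse the file without loading it"
    echo "  pfctl -f $_rules    # load it explicitly, as in the reply above"
    echo "  pfctl -sr           # the filter rules should now be listed"
    echo "  pfctl -si           # 'Status: Enabled' plus counters"
}

# Constructed sample rc.conf: pf enabled, but pointed at a non-default file,
# which is the situation suspected in the thread. Editing /etc/pf.conf and
# running 'service pf restart' on such a host changes nothing.
SAMPLE_RCCONF=$(mktemp)
cat > "$SAMPLE_RCCONF" <<'EOF'
hostname="gw.example"
pf_enable="YES"          # enable pf at boot
pf_rules="/etc/pf.local.conf"
pflog_enable="YES"
EOF

pf_diagnose "$SAMPLE_RCCONF"
rm -f "$SAMPLE_RCCONF"
```

On a real host, pass /etc/rc.conf (and /etc/rc.conf.local if you use it) to pf_diagnose; if the reported ruleset is not the file you have been editing, that explains an empty "FILTER RULES" section in pfctl -s all.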