Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Nov 2012 13:23:16 +0100
From:      Fleuriot Damien <ml@my.gd>
To:        Tiago Felipe <tfgoncalves@yahoo.com.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pfctl -s rules
Message-ID:  <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd>
In-Reply-To: <50B8A47E.8060604@yahoo.com.br>
References:  <49BF4308335C496593D1D7C82391C805@yahoo.com> <FE4E0127-F5A8-49C4-9BE3-814DAC35329A@my.gd> <50B8A47E.8060604@yahoo.com.br>
index | next in thread | previous in thread | raw e-mail 


On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncalves@yahoo.com.br> wrote:

> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<laszlo_danielisz@yahoo.com>  wrote:
>> 
>>> Hi Everybody,
>>> 
>>> Recently I've discover the following issues: I can't display my firewalls rules, and the firewall is enabled.
>>> Take a look what is happening:
>>> 
>>> ktulu# pfctl -s rules
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> ktulu# pfctl -e
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> pfctl: pf already enabled
>>> 
>>> ktulu# uname -a
>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>>> 
>>> 
>>> 
>>> Do you have any idea why I can not see them?
>>> 
>>> Thx!
>>> Laszlo
>> 
>> 
>> Actually, I believe you can see your rules, all the 0 of them.
>> 
>> Try pfctl -nf /etc/pf.conf
>> 
>> See if you have an error when loading the rules, that would explain it all.
>> 
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> # pfctl -s all
> 
> the device is loaded?
> 
> # kldload pf.ko
> 
> or recompile the kernel
> 
> device pf
> device pflog
> device pfsync
> 
> after that reload the rules wtih # pfctl -nf /etc/pf.conf and see if change something.
> 
> sorry, my english sux.
> 
> -- 
> Att,
> Tiago Felipe Gonçalves.
> Gerente de Infraestrutura de TI.
> +55 19 99196494


His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.

I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)

Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658>