From owner-freebsd-pf@FreeBSD.ORG Fri Nov 30 12:43:17 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 13F8D2EF for ; Fri, 30 Nov 2012 12:43:17 +0000 (UTC) (envelope-from tfgoncalves@yahoo.com.br) Received: from nm14-vm0.bullet.mail.bf1.yahoo.com (nm14-vm0.bullet.mail.bf1.yahoo.com [98.139.213.164]) by mx1.freebsd.org (Postfix) with ESMTP id A10158FC08 for ; Fri, 30 Nov 2012 12:43:15 +0000 (UTC) Received: from [98.139.215.141] by nm14.bullet.mail.bf1.yahoo.com with NNFMP; 30 Nov 2012 12:40:18 -0000 Received: from [98.139.213.13] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 30 Nov 2012 12:40:18 -0000 Received: from [127.0.0.1] by smtp113.mail.bf1.yahoo.com with NNFMP; 30 Nov 2012 12:40:18 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s1024; t=1354279218; bh=F9ib5XaHh0v7c15HUk3yUdYmAMb4zw4tLLqSxWWbS88=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type; b=22k01/OPE3vi46y0C0gfjxYYjkzpqz+MvSb7hI8N3m0j1UfepT7O2KMgAVtsrdE0plFVTtV7kzMFgAQPsTMYf6KnIE9J3QPPSIrbc8t43pMH56KtfJkAjbHQKyCgcELk4iZ8srIo/s9AkZN4/tQ8X05QPyAZBWA1HbsHRNmS5LU= X-Yahoo-Newman-Id: 574865.60808.bm@smtp113.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 5gveWVkVM1lDQaEgNfPikjJOm_rp3uBCWCn5WVIg.qx10VA bOODEw3NncUPUM4LahQll9o_6eBbkSrlwxZdBJinG3vyz43aw4S1SwWcrS66 2LXkGsXAAXo.ne7sa69EFrtpxTLe.B.IdKS2fPG6obvPwFyEvv.IGxmlNpXp XgUcomPFbUFaee7v0x3hzVecsHM92Q.mIjHNo9LDZzTKTEy1ViXmyfDDRQhu 6EO0Xs1PdPwdQChMVzCbv9gKIcJLxsI3Q.b3yb0ziS4sXXc3Sp1_jrjSVf3o 3Od8FXimnmHbHhhTqWsvYFpK05_VKPCQuVx3jeWA4snBGmTe_mZsJtbNEA6R 73ghtD8njecTlP78thC0RM03lPGbdS.Up4BoDAd4HHxv8q6xVT7o2VqzDv9z QWPVdFVxxjQ5nutqVUSlNcx0FlpxCORSTV7ZG4JgTr4L6e.B3N.UT9NK5s7E 57.V0Jc7xUs1wH2wyJ_ZZwW5bTbyFkXJMcIRieMT9uW2vdGkunWHDJm5oJAO vBsM59HkniWAJE6CVl.7CcA-- X-Yahoo-SMTP: yejC.yGswBDzcY.VmwcuyKwGCegnB.Xy Received: from [186.250.58.220] (tfgoncalves@186.250.58.220 with plain) by smtp113.mail.bf1.yahoo.com with SMTP; 30 Nov 2012 04:40:18 -0800 PST Message-ID: <50B8A92C.5090500@yahoo.com.br> Date: Fri, 30 Nov 2012 10:40:12 -0200 From: Tiago Felipe User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.10) Gecko/20121027 Icedove/10.0.10 MIME-Version: 1.0 To: Fleuriot Damien Subject: Re: pfctl -s rules References: <49BF4308335C496593D1D7C82391C805@yahoo.com> <50B8A47E.8060604@yahoo.com.br> <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd> In-Reply-To: <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Nov 2012 12:43:17 -0000 On 11/30/2012 10:23 AM, Fleuriot Damien wrote: > On Nov 30, 2012, at 1:20 PM, Tiago Felipe wrote: > >> On 11/30/2012 09:02 AM, Fleuriot Damien wrote: >>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz wrote: >>> >>>> Hi Everybody, >>>> >>>> Recently I've discover the following issues: I can't display my firewalls rules, and the firewall is enabled. >>>> Take a look what is happening: >>>> >>>> ktulu# pfctl -s rules >>>> No ALTQ support in kernel >>>> ALTQ related functions disabled >>>> ktulu# pfctl -e >>>> No ALTQ support in kernel >>>> ALTQ related functions disabled >>>> pfctl: pf already enabled >>>> >>>> ktulu# uname -a >>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >>>> >>>> >>>> >>>> Do you have any idea why I can not see them? >>>> >>>> Thx! >>>> Laszlo >>> >>> Actually, I believe you can see your rules, all the 0 of them. >>> >>> Try pfctl -nf /etc/pf.conf >>> >>> See if you have an error when loading the rules, that would explain it all. >>> >>> _______________________________________________ >>> freebsd-pf@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> # pfctl -s all >> >> the device is loaded? >> >> # kldload pf.ko >> >> or recompile the kernel >> >> device pf >> device pflog >> device pfsync >> >> after that reload the rules wtih # pfctl -nf /etc/pf.conf and see if change something. >> >> sorry, my english sux. >> >> -- >> Att, >> Tiago Felipe Gonçalves. >> Gerente de Infraestrutura de TI. >> +55 19 99196494 > > His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config. > > I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;) > > Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors. > sorry for my failure with -n flag, i've seen mistakes on small things,not cost check =] but -nf will show errors, rc.conf will be useful and pfctl -s all, give us a lot of info about. -- Att, Tiago.