Date:      Fri, 30 Nov 2012 14:17:28 +0100
From:      Laszlo Danielisz <laszlo_danielisz@yahoo.com>
To:        Tiago Felipe <tfgoncalves@yahoo.com.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pfctl -s rules
Message-ID:  <983A61AAA3A744F78601A2488F54CF85@yahoo.com>
In-Reply-To: <50B8A92C.5090500@yahoo.com.br>
References:  <49BF4308335C496593D1D7C82391C805@yahoo.com> <FE4E0127-F5A8-49C4-9BE3-814DAC35329A@my.gd> <50B8A47E.8060604@yahoo.com.br> <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd> <50B8A92C.5090500@yahoo.com.br>


Thank you very much for your help!  

pf is loaded to the kernel:
ktulu# kldstat|grep pf         
38    1 0xc4b41000 3000     pflog.ko
39    1 0xc4b44000 35000    pf.ko


and pfctl -vnf /etc/pf.conf did work, though I don't want to paste here the whole result :)

Here is the output of grep

ktulu# grep pf /etc/rc.conf    
#pf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""


I wonder why it doesn't start at boot time?
--  
Laszlo Danielisz
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)


On 2012 November 30 Friday at 1:40 PM, Tiago Felipe wrote:

> On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> > On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncalves@yahoo.com.br> wrote:
> >  
> > > On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
> > > > On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz <laszlo_danielisz@yahoo.com> wrote:
> > > >  
> > > > > Hi Everybody,
> > > > >  
> > > > > Recently I've discovered the following issue: I can't display my firewall's rules, and the firewall is enabled.
> > > > > Take a look what is happening:
> > > > >  
> > > > > ktulu# pfctl -s rules
> > > > > No ALTQ support in kernel
> > > > > ALTQ related functions disabled
> > > > > ktulu# pfctl -e
> > > > > No ALTQ support in kernel
> > > > > ALTQ related functions disabled
> > > > > pfctl: pf already enabled
> > > > >  
> > > > > ktulu# uname -a
> > > > > FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
> > > > >  
> > > > >  
> > > > >  
> > > > > Do you have any idea why I can not see them?
> > > > >  
> > > > > Thx!
> > > > > Laszlo
> > > > >  
> > > >  
> > > >  
> > > > Actually, I believe you can see your rules, all the 0 of them.
> > > >  
> > > > Try pfctl -nf /etc/pf.conf
> > > >  
> > > > See if you have an error when loading the rules, that would explain it all.
> > > >  
> > > > _______________________________________________
> > > > freebsd-pf@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> > > >  
> > >  
> > > # pfctl -s all
> > >  
> > > the device is loaded?
> > >  
> > > # kldload pf.ko
> > >  
> > > or recompile the kernel
> > >  
> > > device pf
> > > device pflog
> > > device pfsync
> > >  
> > > after that, reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
> > >  
> > > sorry, my English sux.
> > >  
> > > --  
> > > Att,
> > > Tiago Felipe Gonçalves.
> > > Gerente de Infraestrutura de TI.
> > > +55 19 99196494
> > >  
> >  
> >  
> > His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
> >  
> > I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
> >  
> > Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
> sorry for my failure with the -n flag, I've seen mistakes on small
> things, not cost check =]
> but -nf will show errors, rc.conf will be useful, and pfctl -s all gives
> us a lot of info.
>  
> --  
> Att,
> Tiago.
>  
>  
>  



