Date: Fri, 30 Nov 2012 14:17:28 +0100
From: Laszlo Danielisz <laszlo_danielisz@yahoo.com>
To: Tiago Felipe <tfgoncalves@yahoo.com.br>
Cc: freebsd-pf@freebsd.org
Subject: Re: pfctl -s rules
Message-ID: <983A61AAA3A744F78601A2488F54CF85@yahoo.com>
In-Reply-To: <50B8A92C.5090500@yahoo.com.br>
References: <49BF4308335C496593D1D7C82391C805@yahoo.com> <FE4E0127-F5A8-49C4-9BE3-814DAC35329A@my.gd> <50B8A47E.8060604@yahoo.com.br> <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd> <50B8A92C.5090500@yahoo.com.br>

Thank you very much for your help!

pf is loaded to the kernel:
ktulu# kldstat|grep pf
38 1 0xc4b41000 3000 pflog.ko
39 1 0xc4b44000 35000 pf.ko

and pfctl -vnf /etc/pf.conf did work, though I don't want to paste here the whole result :)

Here is the output of grep
ktulu# grep pf /etc/rc.conf
#pf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

I wonder why it doesn't start on boot time?

--
Laszlo Danielisz
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

On 2012 November 30 Friday at 1:40 PM, Tiago Felipe wrote:

> On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> > On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncalves@yahoo.com.br> wrote:
> >
> > > On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
> > > > On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz <laszlo_danielisz@yahoo.com> wrote:
> > > >
> > > > > Hi Everybody,
> > > > >
> > > > > Recently I've discovered the following issue: I can't display my firewall rules, and the firewall is enabled.
> > > > > Take a look at what is happening:
> > > > >
> > > > > ktulu# pfctl -s rules
> > > > > No ALTQ support in kernel
> > > > > ALTQ related functions disabled
> > > > > ktulu# pfctl -e
> > > > > No ALTQ support in kernel
> > > > > ALTQ related functions disabled
> > > > > pfctl: pf already enabled
> > > > >
> > > > > ktulu# uname -a
> > > > > FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
> > > > >
> > > > > Do you have any idea why I can not see them?
> > > > >
> > > > > Thx!
> > > > > Laszlo
> > > >
> > > > Actually, I believe you can see your rules, all the 0 of them.
> > > >
> > > > Try pfctl -nf /etc/pf.conf
> > > >
> > > > See if you have an error when loading the rules, that would explain it all.
> > > >
> > > > _______________________________________________
> > > > freebsd-pf@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> > >
> > > # pfctl -s all
> > >
> > > the device is loaded?
> > >
> > > # kldload pf.ko
> > >
> > > or recompile the kernel
> > >
> > > device pf
> > > device pflog
> > > device pfsync
> > >
> > > after that reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
> > >
> > > sorry, my English sux.
> > >
> > > --
> > > Regards,
> > > Tiago Felipe Gonçalves.
> > > IT Infrastructure Manager.
> > > +55 19 99196494
> >
> > His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
> >
> > I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
> >
> > Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
>
> sorry for my failure with -n flag, I've seen mistakes on small
> things, not cost check =]
> but -nf will show errors, rc.conf will be useful and pfctl -s all, give
> us a lot of info about.
>
> --
> Regards,
> Tiago.