From: Dave Horsfall
To: FreeBSD PF List
Date: Wed, 5 Nov 2014 07:15:21 +1100 (EST)
Subject: Re: Getting tables to work in PF

On Tue, 4 Nov 2014, Dave Horsfall wrote:

> The rules?  Not a sausage.  It's behaving as though it's reading the
> file (which it is), but not honouring the rules themselves (which it
> isn't).

A bit more progress; I finally got around to tracing it, and the salient
bit is:

    (Many calls to set rules)
    (Many calls to set timeouts)
 13925 pfctl    CALL  ioctl(0x3,DIOCSETDEBUG,0xbfbfdc84)
 13925 pfctl    RET   ioctl 0
 13925 pfctl    CALL  ioctl(0x3,DIOCSETSTATUSIF,0xbfbfdc5c)
 13925 pfctl    RET   ioctl -1 errno 22 Invalid argument

Aha...  So, what's so invalid about it?  I don't have kernel source (my
installation was interrupted by a long stay in hospital), so I cannot
investigate any further.

And my plea as before:

> So, is pf(4) actually known to work on:
>
>     FreeBSD aneurin.horsfall.org 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>
> and if so, does anyone have a working sample pf.conf from such a box?

Thanks.

-- 
Dave Horsfall (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
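
Added example (not part of the original message): when a trace contains many ioctl calls, a small filter can pair each ioctl CALL with its RET and report only the requests that failed. The function names failed_ioctls and sample_trace are made up for this example; the sample input is the four trace lines quoted in the message, and the field layout is assumed to match those lines.

```shell
#!/bin/sh
# failed_ioctls: read trace text in the format quoted above on stdin and
# print one line per ioctl that returned -1, naming the request that failed.
failed_ioctls() {
    awk '
    # CALL line: field 4 looks like ioctl(0x3,DIOCSETSTATUSIF,0xbfbfdc5c)
    $3 == "CALL" && $4 ~ /^ioctl\(/ {
        split($4, a, /[(),]/)
        pending[$1] = a[3]      # remember the request name, keyed by pid
        next
    }
    # RET line: "ioctl 0" on success, "ioctl -1 errno N message" on failure
    $3 == "RET" && $4 == "ioctl" && ($1 in pending) {
        if ($5 == "-1") {
            msg = ""
            for (i = 8; i <= NF; i++) msg = msg (i > 8 ? " " : "") $i
            printf "%s %s errno=%s (%s)\n", $2, pending[$1], $7, msg
        }
        delete pending[$1]
    }'
}

# sample_trace: the trace lines quoted in the message, embedded so the
# example runs offline.
sample_trace() {
    cat <<'EOF'
 13925 pfctl    CALL  ioctl(0x3,DIOCSETDEBUG,0xbfbfdc84)
 13925 pfctl    RET   ioctl 0
 13925 pfctl    CALL  ioctl(0x3,DIOCSETSTATUSIF,0xbfbfdc5c)
 13925 pfctl    RET   ioctl -1 errno 22 Invalid argument
EOF
}

sample_trace | failed_ioctls
```

On a live system the input would come from the tracing tool's text output instead of sample_trace.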