From: Jon Simola
Date: Fri, 11 Feb 2005 21:23:11 -0800
To: Anthony Chavez
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + kldload
List-Id: Technical discussion and general questions about packet filter (pf)

On Fri, 11 Feb 2005 21:29:32 -0700, Anthony Chavez wrote:
> However, pfctl shows that no packet evaluations are being performed and
> thus, no packets are being dropped.

On a wild guess (because I had two techs brain-o this one for 6 hours) have you done "pfctl -e" to turn on pf? ipfw twiddles the sysctls when it's loaded and starts filtering immediately, but pf requires manually turning it on. You can load rulesets and test them for valid syntax without running pf (part feature, part skill-testing question).

--
Jon Simola
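
The check described in the reply above, as an added example that is not part of the original message: it classifies pf's state from the output of `pfctl -s info` and `pfctl -s rules`, flagging the case where a ruleset is loaded but pf was never enabled. The function names, verdict strings and sample output lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): detect "rules loaded, pf disabled".

# Constructed sample output, modelled on the first line of `pfctl -s info`
# and on `pfctl -s rules`.
SAMPLE_INFO_DISABLED='Status: Disabled                              Debug: Urgent'
SAMPLE_INFO_ENABLED='Status: Enabled for 0 days 00:05:12           Debug: Urgent'
SAMPLE_RULES='block drop in all
pass out all keep state'

# pf_status INFO_TEXT -> prints "enabled", "disabled" or "unknown"
pf_status() {
    printf '%s\n' "$1" | awk '
        /^Status: *Enabled/  { print "enabled";  found = 1; exit }
        /^Status: *Disabled/ { print "disabled"; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# rule_count RULES_TEXT -> number of non-blank lines (one rule per line)
rule_count() {
    printf '%s\n' "$1" | awk 'NF { n++ } END { print n + 0 }'
}

# pf_diagnose INFO_TEXT RULES_TEXT -> one-word verdict (hypothetical names)
pf_diagnose() {
    status=$(pf_status "$1")
    rules=$(rule_count "$2")
    case "$status" in
        enabled)
            if [ "$rules" -gt 0 ]; then echo "filtering"
            else echo "enabled-no-rules"; fi ;;
        disabled)
            # The situation in this thread: ruleset present, pf never enabled.
            if [ "$rules" -gt 0 ]; then echo "loaded-not-enabled"
            else echo "disabled-no-rules"; fi ;;
        *)  echo "unknown" ;;   # pfctl failed, e.g. module not loaded or not root
    esac
}

# Live use (as root): sh thisfile.sh live
if [ "${1:-}" = "live" ]; then
    pf_diagnose "$(pfctl -s info 2>/dev/null)" "$(pfctl -s rules 2>/dev/null)"
fi
```

A verdict of `loaded-not-enabled` is the case the reply describes, and `pfctl -e` is the fix.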