From: Laszlo Danielisz <laszlo_danielisz@yahoo.com>
To: Fleuriot Damien
Cc: freebsd-pf@freebsd.org
Date: Fri, 30 Nov 2012 14:48:12 +0100
Subject: Re: pfctl -s rules
Message-ID: <687B3117BBB54AF88DB70806673879A5@yahoo.com>
References: <49BF4308335C496593D1D7C82391C805@yahoo.com> <50B8A47E.8060604@yahoo.com.br> <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd> <50B8A92C.5090500@yahoo.com.br> <983A61AAA3A744F78601A2488F54CF85@yahoo.com> <02387299-5EC3-47B7-B1CA-27F36A947D85@my.gd>
List-Id: "Technical discussion and general questions about packet filter (pf)"
X-Mailer: sparrow 1.6.4 (build 1176)

Thank you!

On 2012 November 30 Friday at 2:33 PM, Fleuriot Damien wrote:
> -P
>
> Enjoy.
>
>
> On Nov 30, 2012, at 2:30 PM, Laszlo Danielisz wrote:
> > Good idea, let me check.
> > One more thing, while running pfctl -vnf /etc/pf.conf how can I list the port numbers instead of the protocol?
> >
> > ex:
> > pass in on em0 inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port = ftp flags S/SA keep state
> >
> > I want to see port = 21 instead of port = ftp
> >
> > --
> > Laszlo Danielisz
> > Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
> >
> >
> > On 2012 November 30 Friday at 2:20 PM, Fleuriot Damien wrote:
> >
> > > It likely tries to apply rules on an interface that doesn't exist yet (for example openvpn's tun).
> > >
> > > There's also the chance your rules contain a fully qualified domain name, say example.com.
> > > PF tries to load its rules, DNS resolution is not up yet, the FQDN fails to resolve to anything meaningful, rules fail to load.
> > >
> > > Review your rules for any non-physical interfaces (tun, gif) and domain names.
> > >
> > >
> > > On Nov 30, 2012, at 2:17 PM, Laszlo Danielisz wrote:
> > > > Thank you very much for your help!
> > > >
> > > > pf is loaded into the kernel:
> > > > ktulu# kldstat | grep pf
> > > > 38 1 0xc4b41000 3000 pflog.ko
> > > > 39 1 0xc4b44000 35000 pf.ko
> > > >
> > > >
> > > > and pfctl -vnf /etc/pf.conf did work, though I don't want to paste the whole result here :)
> > > >
> > > > Here is the output of grep:
> > > >
> > > > ktulu# grep pf /etc/rc.conf
> > > > #pf
> > > > pf_enable="YES"
> > > > pf_rules="/etc/pf.conf"
> > > > pf_flags=""
> > > > pflog_enable="YES"
> > > > pflog_logfile="/var/log/pflog"
> > > > pflog_flags=""
> > > >
> > > >
> > > > I wonder why it doesn't start at boot time?
> > > > --
> > > > Laszlo Danielisz
> > > > Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
> > > >
> > > >
> > > > On 2012 November 30 Friday at 1:40 PM, Tiago Felipe wrote:
> > > >
> > > > > On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> > > > > > On Nov 30, 2012, at 1:20 PM, Tiago Felipe wrote:
> > > > > >
> > > > > > > On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
> > > > > > > > On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz wrote:
> > > > > > > >
> > > > > > > > > Hi Everybody,
> > > > > > > > >
> > > > > > > > > Recently I've discovered the following issue: I can't display my firewall's rules, and the firewall is enabled.
> > > > > > > > > Take a look at what is happening:
> > > > > > > > >
> > > > > > > > > ktulu# pfctl -s rules
> > > > > > > > > No ALTQ support in kernel
> > > > > > > > > ALTQ related functions disabled
> > > > > > > > > ktulu# pfctl -e
> > > > > > > > > No ALTQ support in kernel
> > > > > > > > > ALTQ related functions disabled
> > > > > > > > > pfctl: pf already enabled
> > > > > > > > >
> > > > > > > > > ktulu# uname -a
> > > > > > > > > FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Do you have any idea why I can not see them?
> > > > > > > > >
> > > > > > > > > Thx!
> > > > > > > > > Laszlo
> > > > > > > >
> > > > > > > >
> > > > > > > > Actually, I believe you can see your rules, all the 0 of them.
> > > > > > > >
> > > > > > > > Try pfctl -nf /etc/pf.conf
> > > > > > > >
> > > > > > > > See if you have an error when loading the rules, that would explain it all.
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > freebsd-pf@freebsd.org mailing list
> > > > > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > > > > > > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> > > > > > >
> > > > > > > # pfctl -s all
> > > > > > >
> > > > > > > Is the device loaded?
> > > > > > >
> > > > > > > # kldload pf.ko
> > > > > > >
> > > > > > > or recompile the kernel with
> > > > > > >
> > > > > > > device pf
> > > > > > > device pflog
> > > > > > > device pfsync
> > > > > > >
> > > > > > > after that reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
> > > > > > >
> > > > > > > sorry, my English sux.
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > > Tiago Felipe Gonçalves.
> > > > > > > IT Infrastructure Manager.
> > > > > > > +55 19 99196494
> > > > > >
> > > > > >
> > > > > > His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
> > > > > >
> > > > > > I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
> > > > > >
> > > > > > Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
> > > > > sorry for my failure with the -n flag, I've seen mistakes on small things, didn't cost-check =]
> > > > > but -nf will show errors, rc.conf will be useful and pfctl -s all gives us a lot of info about it.
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Tiago.
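Added example, not part of the thread above and not FreeBSD's own tooling: a POSIX sh pre-flight script that applies the two checks Damien suggests, rules naming an interface that does not exist yet when /etc/rc.d/pf runs (tun, gif) and rules naming a hostname that cannot resolve before DNS is up, then parses the file with pfctl -n where pfctl is present (-v echoes the parsed rules and -P prints ports numerically, as asked about in the thread). The sample pf.conf, the list of interfaces present at parse time and all function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for a pf.conf that has
# to load from /etc/rc.d/pf, i.e. before openvpn has created tun0 and before
# DNS is reachable. Function names and sample data are assumptions.

# Constructed sample ruleset standing in for /etc/pf.conf.
SAMPLE_PF_CONF="$(mktemp)"
trap 'rm -f "$SAMPLE_PF_CONF"' EXIT
cat > "$SAMPLE_PF_CONF" <<'EOF'
ext_if = "em0"
vpn_if = "tun0"
table <trusted> { 192.168.1.0/24 }
set skip on lo0
pass in on $ext_if inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port = ftp flags S/SA keep state
pass in on $vpn_if inet proto tcp from any to any port 22
pass out on $ext_if proto tcp from any to mirror.example.com port 443
EOF

# Constructed list of interfaces present at parse time (on a real box: ifconfig -l).
# tun0 is deliberately absent: openvpn has not started yet.
KNOWN_IFACES="em0 lo0 pflog0"

# pf_conf_interfaces FILE: every interface named after "on", string macros
# expanded, one per line, de-duplicated, in order of first use.
pf_conf_interfaces() {
    awk '
        # Record string macros of the form: name = "value"
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=[ \t]*"/ {
            name = $1; sub(/[ \t]*=.*$/, "", name)
            val = $0; sub(/^[^"]*"/, "", val); sub(/".*$/, "", val)
            macro[name] = val
            next
        }
        {
            for (i = 1; i < NF; i++) {
                if ($i != "on") continue
                ifn = $(i + 1)
                if (substr(ifn, 1, 1) == "$") ifn = macro[substr(ifn, 2)]
                if (ifn != "" && !(ifn in seen)) { seen[ifn] = 1; print ifn }
            }
        }
    ' "$1"
}

# pf_conf_missing_interfaces FILE "if1 if2 ...": interfaces the ruleset uses
# that are not in the given space-separated list.
pf_conf_missing_interfaces() {
    pf_conf_interfaces "$1" | while read -r ifn; do
        case " $2 " in
            *" $ifn "*) ;;
            *) printf '%s\n' "$ifn" ;;
        esac
    done
}

# pf_conf_hostnames FILE: "from"/"to" operands that are DNS names rather than
# addresses, networks, tables or keywords. pfctl resolves these while loading,
# so one unresolvable name makes the whole ruleset fail to load.
pf_conf_hostnames() {
    awk '
        {
            for (i = 1; i < NF; i++) {
                if ($i != "from" && $i != "to") continue
                t = $(i + 1)
                if (t ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/ && t !~ /^[0-9.]+$/ && !(t in seen)) {
                    seen[t] = 1; print t
                }
            }
        }
    ' "$1"
}

# pf_conf_preflight FILE "if1 if2 ...": report the boot-time risks, then parse
# with pfctl where available. Returns non-zero if anything was flagged.
pf_conf_preflight() {
    rc=0
    for ifn in $(pf_conf_missing_interfaces "$1" "$2"); do
        echo "WARN: rule uses interface $ifn, which does not exist yet" >&2
        rc=1
    done
    for h in $(pf_conf_hostnames "$1"); do
        echo "WARN: rule uses hostname $h; DNS must be up when pf loads" >&2
        rc=1
    done
    # -n parses without loading, -v echoes the parsed rules, -P shows ports as
    # numbers (port = 21 rather than port = ftp). Skipped on hosts without pfctl.
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -n -v -P -f "$1" || rc=1
    fi
    return $rc
}

if ! pf_conf_preflight "$SAMPLE_PF_CONF" "$KNOWN_IFACES"; then
    echo "preflight: this ruleset is likely to fail at boot" >&2
fi
```

Run it against the real file with the real interface list, e.g. pf_conf_preflight /etc/pf.conf "$(ifconfig -l)", from a shell on the firewall; the point of keeping the interface list as an argument is that you can pass the set of interfaces that exist at boot rather than the set that exists once openvpn is up.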