Date: Fri, 30 Nov 2012 10:40:12 -0200
From: Tiago Felipe <tfgoncalves@yahoo.com.br>
To: Fleuriot Damien <ml@my.gd>
Cc: freebsd-pf@freebsd.org
Subject: Re: pfctl -s rules
Message-ID: <50B8A92C.5090500@yahoo.com.br>
In-Reply-To: <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd>
References: <49BF4308335C496593D1D7C82391C805@yahoo.com>
 <FE4E0127-F5A8-49C4-9BE3-814DAC35329A@my.gd>
 <50B8A47E.8060604@yahoo.com.br>
 <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd>
On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> On Nov 30, 2012, at 1:20 PM, Tiago Felipe<tfgoncalves@yahoo.com.br> wrote:
>
>> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<laszlo_danielisz@yahoo.com> wrote:
>>>
>>>> Hi Everybody,
>>>>
>>>> Recently I've discovered the following issue: I can't display my firewall's rules, and the firewall is enabled.
>>>> Take a look at what is happening:
>>>>
>>>> ktulu# pfctl -s rules
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>> ktulu# pfctl -e
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>> pfctl: pf already enabled
>>>>
>>>> ktulu# uname -a
>>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>>>>
>>>> Do you have any idea why I can not see them?
>>>>
>>>> Thx!
>>>> Laszlo
>>>
>>> Actually, I believe you can see your rules, all the 0 of them.
>>>
>>> Try pfctl -nf /etc/pf.conf
>>>
>>> See if you have an error when loading the rules, that would explain it all.
>>>
>>> _______________________________________________
>>> freebsd-pf@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>> # pfctl -s all
>>
>> the device is loaded?
>>
>> # kldload pf.ko
>>
>> or recompile the kernel
>>
>> device pf
>> device pflog
>> device pfsync
>>
>> after that reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
>>
>> sorry, my english sux.
>>
>> --
>> Att,
>> Tiago Felipe Gonçalves.
>> Gerente de Infraestrutura de TI.
>> +55 19 99196494
>
> His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
>
> I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
>
> Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
>
sorry for my failure with -n flag, I've seen mistakes on small things, not cost check =]
but -nf will show errors, rc.conf will be useful and pfctl -s all, give us a lot of info about.

--
Att,
Tiago.
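
The checks discussed in this thread, collected into a script as an added example (not written by any participant in the thread). The function names and the `PFCTL` / `PF_CONF` variables are hypothetical, and the script assumes `pfctl -s info` prints a line beginning `Status: Enabled` when pf is on.

```shell
#!/bin/sh
# Added example: tell "pf enabled but zero rules loaded" apart from
# "ruleset loaded", then parse-check and load the ruleset.
# PFCTL and PF_CONF are hypothetical knobs so a stub can replace pfctl.
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Succeeds when pf reports itself enabled (same information as pfctl -si).
pf_is_enabled() {
    "$PFCTL" -s info 2>/dev/null | grep -q '^Status: Enabled'
}

# Number of loaded filter rules. stderr is discarded on the assumption
# that the "No ALTQ support in kernel" notices are written there.
pf_rule_count() {
    "$PFCTL" -s rules 2>/dev/null | awk 'NF { n++ } END { print n + 0 }'
}

# Prints one word: disabled | empty | loaded
pf_diagnose() {
    if ! pf_is_enabled; then
        echo disabled
    elif [ "$(pf_rule_count)" -eq 0 ]; then
        echo empty      # the case in this thread: enabled, zero rules
    else
        echo loaded
    fi
}

# -n only parses the file and reports errors; the load is the second
# call without -n. Afterwards confirm that rules are actually present.
pf_reload() {
    "$PFCTL" -n -f "$PF_CONF" || {
        echo "parse errors in $PF_CONF, nothing loaded" >&2
        return 1
    }
    "$PFCTL" -f "$PF_CONF" || return 2
    [ "$(pf_rule_count)" -gt 0 ] || {
        echo "load succeeded but the ruleset is empty" >&2
        return 3
    }
}
```

Source the file as root, run `pf_diagnose`, and call `pf_reload` when it prints `empty`.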