Date: Fri, 05 Oct 2007 17:05:57 +0200
From: Peo Nilsson <per-olof.nilsson@comhem.se>
To: FreeBSD quest-list <freebsd-questions@freebsd.org>
Subject: Can't get pf to work
Message-ID: <1191596757.1184.16.camel@zeus.se>

Dear list.
I'm trying to configure pf on FreeBSD 6.2-release
with no success. Is there anyone that has time and
can give me a clue for what I'm doing wrong?
This is what I have done:
1) /etc/rc.conf:
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
2) /etc/pf.conf:
----------------------------------------------------------------------
...<snap>
# 1. Macros
lo = lo0 # loopback device
ext = nve0 # networkcard
# 2. Tables
# 3. Options
set block-policy drop
set optimization aggresive
set loginterface $ext
# 4. Packet normalization
scrub in on $ext all
# 5. Queueing.
# 6. Translation.
# 7. Filtering.
pass quick on $lo all # Don't block loopback traffic
antispoof for { $lo, $ext } # Antispoof
block in on $ext all # Block all incoming as default
block out on $ext all # Block all outgoing as default
# Eof
...<snap>
-----------------------------------------------------------------
3) kldstat says:
7 1 0xc4b1c000 3000 pflog.ko
8 1 0xc4b26000 2d000 pf.ko
As far as I get it, I shouldn't be able to enter the internet as it is,
but nothing is blocked and I can check my mail and so on. What have I
missed?
--
/Peo
