Date: Fri, 4 Sep 2009 08:59:30 -0800 From: Henrik Hudson <lists@rhavenn.net> To: freebsd-current@freebsd.org Subject: PF rules not loading Message-ID: <20090904165930.GA4160@alucard.int.rhavenn.net>
next in thread | raw e-mail | index | archive | help
Hey List, I just finishing supping to 8-BETA3 and after a reboot I noticed that my PF rules weren't loading and hence NAT wasn't working for internal clients, not to mention no firewall :) This might not be specific to BETA3, but it's the first time I noticed it concretely. I did have a power outage last week where after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working again. This was under BETA2. uname: FreeBSD cerberus.domain.local 8.0-BETA3 FreeBSD 8.0-BETA3 #1: Fri Sep 4 02:35:38 AKDT 2009 root@cerberus.domain.local:/usr/obj/usr/src/sys/CERBERUS amd64 The kernel is 99% stock with the only changes being the IDENT and adding PF and ALTQ specific items. rc.conf: #firewall -pf pf_enable="YES" # Set to YES to enable packet filter (pf) pf_rules="/etc/pf.conf" # rules definition file for pf pf_program="/sbin/pfctl" # where the pfctl program lives pf_flags="" # additional flags for pfctl pflog_enable="YES" # Set to YES to enable packet filter logging pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_program="/sbin/pflogd" # where the pflogd program lives pflog_flags="" # additional flags for pflogd pfsync_enable="NO" # Expose pf state to other hosts for syncing pfsync_syncdev="" # Interface for pfsync to work through pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync Manually running /etc/rc.d/pf start works fine and doesn't show any errors. Any further steps to troubleshoot this / check this? hardware is a atom based mobo with the onboad re0 and then a xl0 PCI card. re0 is internal facing and the xl0 is a DHCP external from my ISP. Henrik -- Henrik Hudson lists@rhavenn.net ----------------------------------------- "God, root, what is difference?" Pitr; UF
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090904165930.GA4160>