Date: Fri, 4 Sep 2009 12:34:39 -0800
From: Henrik Hudson <lists@rhavenn.net>
To: freebsd-current@freebsd.org
Subject: Re: PF rules not loading
Message-ID: <20090904203439.GA6431@alucard.int.rhavenn.net>
In-Reply-To: <20090904201132.GA17378@srv.home.kreklow.us>
References: <20090904165930.GA4160@alucard.int.rhavenn.net> <20090904201132.GA17378@srv.home.kreklow.us>

On Fri, 04 Sep 2009, Collin Kreklow wrote:

> On Fri, Sep 04, 2009 at 08:59:30AM -0800, Henrik Hudson wrote:
> > Hey List,
> >
> > I just finished supping to 8-BETA3 and after a reboot I noticed
> > that my PF rules weren't loading and hence NAT wasn't working for
> > internal clients, not to mention no firewall :)
> >
> > This might not be specific to BETA3, but it's the first time I
> > noticed it concretely. I did have a power outage last week where
> > after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working
> > again. This was under BETA2.
>
> At the time when the pf script runs during boot, all the network
> interfaces may not be fully configured. It is likely that your pf.conf
> includes rules that pf can't calculate because one or more network
> interfaces are not yet configured. I had to change my pf.conf to
> hard-code the IP ranges instead of using :network to get my rules to
> load on boot. Also make sure your script is using (xl0) where
> appropriate.

It's possible. However, I'm pretty sure the ruleset worked correctly
on the initial install and it's a ruleset I've used on plenty of
different gateway servers with a similar hardware setup.

However, I did just finish building another 8-BETA3 x64 box and it
works fine, so maybe something fluky is going on with the server
crash due to the power outage. I will investigate further.

Thanks.

Henrik
--
Henrik Hudson
lists@rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF
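
The boot-time behaviour described in the quoted reply, as an added pf.conf sketch that is not part of the thread and not either poster's ruleset. xl0 is the interface named in the message; the internal interface xl1 and the range 192.168.1.0/24 are constructed placeholders.

```conf
# Added illustration; not the ruleset from this thread.
# xl0 comes from the message; xl1 and 192.168.1.0/24 are assumed values.
ext_if = "xl0"
int_if = "xl1"

# Fragile at boot: $int_if:network and the bare $ext_if translation
# address are turned into literal addresses once, when pfctl parses the
# file. If either interface has no address at that moment, pfctl cannot
# resolve them and rejects the ruleset, so neither NAT nor filtering
# is in place until the file is loaded again by hand.
#nat on $ext_if from $int_if:network to any -> $ext_if

# Variant 1 (what the reply describes): hard-code the internal range
# and put the external interface in parentheses, so pf looks its
# address up at run time and follows later address changes.
int_net = "192.168.1.0/24"
nat on $ext_if from $int_net to any -> ($ext_if)

# Variant 2: keep :network but make it dynamic as well by wrapping the
# interface and modifier in parentheses.
#nat on $ext_if from ($int_if:network) to any -> ($ext_if)
```

After a reboot, `pfctl -s nat` and `pfctl -s rules` show whether the ruleset actually loaded, which is the condition to check before relying on the gateway being filtered.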