Date: Thu, 31 Mar 2005 15:54:22 -0700
From: Pat Maddox <pergesu@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Problem with PF
Message-ID: <810a540e0503311454589ae1cc@mail.gmail.com>

I just got a new server with FreeBSD 5.3 installed, tried to set up
PF, and am getting an error when I try to parse the file. I updated
to patch release 6, hoping that might solve things, but I still get
the error. Here's the error itself:

pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor

And now for pf.conf:

# ------- pf.conf skeleton for server
#
# --------------- MACRO Section -----------------
EXT_IF="rl0"
PING = "echoreq"
# --- allowed incoming services initiated by clients
TCP_IN = "{ ssh }"
#UDP_IN = "{ }"
# --- allowed services initiated by server
TCP_OUT = "{ ssh, ftp, http, ntp, 5999 }"
UDP_OUT = "{ domain, ntp }"
# ------------------ TABLE Section --------------
# ------------------ OPTIONS Section
set loginterface $EXT_IF
# --------- TRAFFIC NORMALIZATION ----------------
scrub in all
# ---------- TRANSLATION Section (NAT/RDR)
# ---------- FILTER section
# --- DEFAULT POLICY
block log all
# --- LOOPBACK
pass quick on lo0 all
# ======================= INCOMING ================
# ----------- EXTERNAL INTERFACE
# --- TCP
pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port $TCP_IN flags S/SA keep state
# --- UDP
#pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port $UDP_IN keep state
# --- ICMP
pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type $PING keep state
# ======================= OUTGOING ================
# ----------- EXTERNAL INTERFACE
# --- TCP
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port $TCP_OUT flags S/SA keep state
# --- UDP
pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port $UDP_OUT keep state
# --- ICMP
pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any icmp-type $PING keep state
# ----------------- end of pf.conf
