Date: Mon, 20 Dec 2010 13:43:58 GMT
From: Manuel G Ochoa <mochoa@bloodinthestreets.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: amd64/153307: Bug with PF firewall
Message-ID: <201012201343.oBKDhwMg018156@red.freebsd.org>
Resent-Message-ID: <201012201350.oBKDoAuB000580@freefall.freebsd.org>

>Number:         153307
>Category:       amd64
>Synopsis:       Bug with PF firewall
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-amd64
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 20 13:50:10 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Manuel G Ochoa
>Release:        Freebsd 8.1
>Organization:
Agency Matrix LLC
>Environment:
FreeBSD xxx.xxxxxxxx.xxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
PF firewall does not work as expected after a reboot
>How-To-Repeat:
Configure /etc/pf.conf as follows:

ext="em0"
table <trusted> persist file "/etc/trusted"
scrub in
pass in quick from <trusted>
block in on $ext

Configure /etc/trusted as follows:

192.168.1.39

Reboot server

Any ip address will pass through the firewall

run: pfctl -t trusted -T show
results: Table does not exist.
>Fix:
run this command:

pfctl -f /etc/pf.conf

This command will reload the pf config file and load the table into the rule set.

run: pfctl -t trusted -T show
results: 192.168.1.39

Now, only this ip address is allowed through the firewall. All other addresses are blocked.
>Release-Note:
>Audit-Trail:
>Unformatted:
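A post-boot check for the condition described in this report, as an added example that is not part of the original message: it compares what `pfctl -t <table> -T show` returns against the table file and reports a missing or mismatched table through its exit code. The names `check_pf_table`, `normalize_addrs`, the `PFCTL` override variable and the exit codes are assumptions of this example, and the comparison is textual, so it assumes the file lists addresses in the same form pfctl prints them.

```sh
#!/bin/sh
# Added example, not from the original report.
# PFCTL is a hypothetical override so the check can be exercised with a stub.

# Drop comments and blank lines, trim whitespace, sort uniquely.
normalize_addrs() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        sort -u
}

# check_pf_table TABLE FILE
# Returns: 0 table matches file, 1 table not loaded,
#          2 table contents differ from file, 3 file unreadable.
check_pf_table() {
    table=$1
    file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }

    # Capture stderr as well: the report shows "Table does not exist."
    # as the result of this command after a reboot.
    pf_rc=0
    loaded=$(${PFCTL:-pfctl} -t "$table" -T show 2>&1) || pf_rc=$?
    case "$pf_rc:$loaded" in
        0:*"does not exist"* | [!0]*)
            echo "pf table <$table> is not loaded" >&2
            return 1 ;;
    esac

    want=$(normalize_addrs < "$file")
    have=$(printf '%s\n' "$loaded" | normalize_addrs)
    if [ "$want" != "$have" ]; then
        echo "pf table <$table> differs from $file" >&2
        return 2
    fi
    return 0
}
```

Called as `check_pf_table trusted /etc/trusted` once pf has started, a non-zero result is the point at which to alert and apply the reporter's fix, `pfctl -f /etc/pf.conf`.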