From owner-freebsd-questions@FreeBSD.ORG Thu May 15 00:38:21 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A53F1065674 for ; Thu, 15 May 2008 00:38:21 +0000 (UTC) (envelope-from cybersans@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.225]) by mx1.freebsd.org (Postfix) with ESMTP id 2E97D8FC25 for ; Thu, 15 May 2008 00:38:20 +0000 (UTC) (envelope-from cybersans@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so212884rvf.43 for ; Wed, 14 May 2008 17:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=6SOU9uguxkpo74lwDrT1LtAbXvz+rn7ZrQdYz2tgAD4=; b=WFLkPEraUXr5dDE/qQiM2O8BanUp2MNtvQ2aQLh8ex8bzIKjCc8SspxFLGu+VaDZJRpW8OaP6W1YhPfUQd9GMp6zYItfP8WEBGBa/eMVpO7hTYw7OtL9fX24ATMevZEtJgv7n/Gbswa5UiqbqvInl/VVa1ZHuWe3mgHQgv6bl3Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=WwMXF5IIbPZgl0Zs2WebFNadPqngwSbehM+ecEVeFlj9ro1fIbdWRtZpTk0qDtS4DrcYLEPSQ+tSVK+Km/GrAxkd4ZkiUryyzHl34a+5o0afU5rQMB1DYQVH8Wmsvb+owc5PrS9BOQFK9Y8VuklONSWXMYvCR6tM2xM8CavbSMA= Received: by 10.141.67.21 with SMTP id u21mr767850rvk.222.1210811900649; Wed, 14 May 2008 17:38:20 -0700 (PDT) Received: by 10.141.84.20 with HTTP; Wed, 14 May 2008 17:38:20 -0700 (PDT) Message-ID: <15af975d0805141738l3a4b3d32h70caafa1f196a9e9@mail.gmail.com> Date: Thu, 15 May 2008 08:38:20 +0800 From: "CyberSans AirBort" To: "Doug Hardie" , freebsd-questions@freebsd.org In-Reply-To: <15af975d0805140230i6a162aw492fdf9995d7b990@mail.gmail.com> MIME-Version: 1.0 References: <15af975d0805131824i142a4847u852a6ad09f61e526@mail.gmail.com> <15af975d0805140140m588027f7xa77cabb997e2b5bc@mail.gmail.com> <15af975d0805140230i6a162aw492fdf9995d7b990@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: problem on pf @ freebsd 7.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2008 00:38:21 -0000 hello there. i think this conversation can be closed right now. when i try to look at dmesg output: Starting pflog. May 14 16:09:53 pflogd[471]: [priv]: msg PRIV_OPEN_LOG received Enabling pf. no IP address found for securehost.xxx.xx /etc/pf.conf:9: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded which securehost.xxx.xx cannot be resolved while booting because no dns server was contacted. when i remove the hosts from pf.conf then pf is loaded when booting. thank you for now On Wed, May 14, 2008 at 5:30 PM, CyberSans AirBort wrote: > oh yes. i did type exactly like that. and still pf didn't load on startup > even though it has /etc/rc.d/pf and like i said before, i have to re-load > the pf by using /etc/rc.d/pf restart > > btw, what kind of freebsd's distro that you used without having problem on > this pf? 7.0? > > > On Wed, May 14, 2008 at 4:59 PM, Doug Hardie wrote: > >> >> On May 14, 2008, at 01:40, CyberSans AirBort wrote: >> >> kldstat only shows: >>> Id Refs Address Size Name >>> 1 7 0xc0400000 910b90 kernel >>> 2 1 0xc0d11000 6a32c acpi.ko >>> 3 1 0xc6c4f000 22000 linux.ko >>> >>> yes, i already put: >>> pf_load="YES" >>> pflog_load="YES" >>> pfsync_load="YES" >>> inside /boot/loader.conf >>> >>> and my previous message, i already compile the kernel with pf and put >>> appropriate line inside /etc/rc.conf >>> >>> and the pf still do not loading when freebsd 7.0 boot up. >>> >>> thank you >>> >>> On Wed, May 14, 2008 at 2:28 PM, Doug Hardie wrote: >>> >>> On May 13, 2008, at 18:24, CyberSans AirBort wrote: >>> >>> hello there. sorry if this similar question been asked before in this >>> forum. >>> >>> my problem is, i install freebsd 7.0 and after that compile the kernel to >>> enable pf (using the same method like freebsd's handbook said): >>> >>> device pf >>> device pflog >>> device pfsync >>> >>> options ALTQ >>> options ALTQ_CBQ >>> options ALTQ_RED >>> options ALTQ_RIO >>> options ALTQ_HFSC >>> options ALTQ_CDNR >>> options ALTQ_PRIQ >>> options ALTQ_NOPCC >>> >>> and i put everything inside /etc/rc.conf >>> >>> pf_enable="YES" >>> pf_rules="/etc/pf.conf" >>> pf_flags="" >>> pflog_enable="YES" >>> pflog_logfile="/var/log/pflog" >>> pflog_flags="" >>> >>> and guess what? pf is not loading when startup. i have to manually >>> restarted >>> the pf using /etc/rc.d/pf restart >>> >>> is that a bug? i never have this kind of problem when using version 5.* >>> or >>> 6.* >>> >>> Did you load the kernel extensions: pflog and pf? Use kldstat and make >>> sure both of them appear. I had to add pflog_load="YES" to >>> /boot/loader.conf to get it to work properly. >>> >> >> pf should be loaded by /etc/rc.d/pf. pflog has to be loaded by you. >> Easiest is in /boot/loader.conf as described above. Check the typing very >> carefully for the pf commands. Mine are: >> >> pf_enable="YES" # Enable PF (load module if required) >> pf_rules="/etc/pf.conf" # rules definition file for pf >> pf_flags="" # additional flags for pfctl startup >> >> >> >