From: Fleuriot Damien
To: Tiago Felipe
Date: Fri, 30 Nov 2012 13:23:16 +0100
Subject: Re: pfctl -s rules
Cc: freebsd-pf@freebsd.org

On Nov 30, 2012, at 1:20 PM, Tiago Felipe wrote:

> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz wrote:
>>
>>> Hi Everybody,
>>>
>>> Recently I've discovered the following issue: I can't display my firewall rules, and the firewall is enabled.
>>> Take a look at what is happening:
>>>
>>> ktulu# pfctl -s rules
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> ktulu# pfctl -e
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> pfctl: pf already enabled
>>>
>>> ktulu# uname -a
>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>>>
>>> Do you have any idea why I can not see them?
>>>
>>> Thx!
>>> Laszlo
>>
>> Actually, I believe you can see your rules, all the 0 of them.
>>
>> Try pfctl -nf /etc/pf.conf
>>
>> See if you have an error when loading the rules, that would explain it all.
>
> # pfctl -s all
>
> the device is loaded?
>
> # kldload pf.ko
>
> or recompile the kernel
>
> device pf
> device pflog
> device pfsync
>
> after that reload the rules with # pfctl -nf /etc/pf.conf and see if change something.
>
> sorry, my English sux.
>
> --
> Regards,
> Tiago Felipe Gonçalves.
> IT Infrastructure Manager.
> +55 19 99196494

His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.

I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)

Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
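
The checks discussed in this thread (is pf enabled, does the config parse, are any rules actually loaded) can be combined into one triage script. This is an added example, not code posted by anyone on the list; the function names (`pf_triage` and helpers) are hypothetical, and it assumes it is run as root on the firewall host.

```shell
#!/bin/sh
# Added example: triage for "pfctl -s rules prints nothing".
# Function names are hypothetical; only documented pfctl flags are used.

pf_enabled() {
    # "pfctl -s info" begins with "Status: Enabled ..." when pf is running.
    pfctl -s info 2>/dev/null | grep -q '^Status: Enabled'
}

pf_conf_parses() {
    # -n parses the file and reports errors; nothing is loaded into the kernel.
    pfctl -n -f "$1" >/dev/null 2>&1
}

pf_loaded_rule_count() {
    # Discard stderr (where notices such as the ALTQ one are assumed to go)
    # and count non-empty rule lines on stdout. grep -c exits 1 on a zero
    # count, hence "|| true".
    pfctl -s rules 2>/dev/null | grep -c . || true
}

pf_triage() {
    conf=${1:-/etc/pf.conf}
    if ! pf_enabled; then
        echo "pf-disabled"        # module/device missing or pf not enabled
        return 1
    fi
    if ! pf_conf_parses "$conf"; then
        echo "config-error"       # rerun: pfctl -vnf "$conf" to see the error
        return 2
    fi
    n=$(pf_loaded_rule_count)
    if [ "$n" -eq 0 ]; then
        echo "no-rules-loaded"    # config is valid but was never loaded:
        return 3                  # load it with pfctl -f "$conf" (no -n)
    fi
    echo "ok:$n"
}

# Run only where pfctl is installed; the printed status is the result here.
if command -v pfctl >/dev/null 2>&1; then
    pf_triage "${1:-/etc/pf.conf}" || true
fi
```

A `no-rules-loaded` result on a host that should be filtering means pf is enabled but passing traffic with an empty ruleset, which is the situation the original poster appears to be in.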