Date: Fri, 30 Nov 2012 13:23:16 +0100
From: Fleuriot Damien <ml@my.gd>
To: Tiago Felipe <tfgoncalves@yahoo.com.br>
Cc: freebsd-pf@freebsd.org
Subject: Re: pfctl -s rules
Message-ID: <9A9FCC5B-CAB2-4EF6-A0FD-2356D9997658@my.gd>
In-Reply-To: <50B8A47E.8060604@yahoo.com.br>
References: <49BF4308335C496593D1D7C82391C805@yahoo.com> <FE4E0127-F5A8-49C4-9BE3-814DAC35329A@my.gd> <50B8A47E.8060604@yahoo.com.br>

On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncalves@yahoo.com.br> wrote:

> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<laszlo_danielisz@yahoo.com> wrote:
>>
>>> Hi Everybody,
>>>
>>> Recently I've discovered the following issues: I can't display my firewalls rules, and the firewall is enabled.
>>> Take a look what is happening:
>>>
>>> ktulu# pfctl -s rules
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> ktulu# pfctl -e
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> pfctl: pf already enabled
>>>
>>> ktulu# uname -a
>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>>>
>>>
>>>
>>> Do you have any idea why I can not see them?
>>>
>>> Thx!
>>> Laszlo
>>
>>
>> Actually, I believe you can see your rules, all the 0 of them.
>>
>> Try pfctl -nf /etc/pf.conf
>>
>> See if you have an error when loading the rules, that would explain it all.
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> # pfctl -s all
>
> the device is loaded?
>
> # kldload pf.ko
>
> or recompile the kernel
>
> device pf
> device pflog
> device pfsync
>
> after that reload the rules with # pfctl -nf /etc/pf.conf and see if change something.
>
> sorry, my english sux.
>
> --
> Regards,
> Tiago Felipe Gonçalves.
> IT Infrastructure Manager.
> +55 19 99196494

His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.

I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)

Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
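
The checks discussed in this thread (pf status, loaded rule count, parse-only test of the ruleset file), combined into one triage script. This is an added example, not part of the original message; the function names and the `PFCTL` / `PF_CONF` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for "pf is enabled but pfctl -s rules prints nothing".
# PFCTL and PF_CONF are hypothetical overrides; the defaults match the thread.
PFCTL=${PFCTL:-pfctl}
PF_CONF=${PF_CONF:-/etc/pf.conf}

# Print "enabled" or "disabled", taken from the Status line of `pfctl -s info`.
pf_status() {
    $PFCTL -s info 2>/dev/null | awk '/^Status:/ { print tolower($2); exit }'
}

# Count loaded filter rules. The "No ALTQ support" notice lines shown in the
# thread are not rules, so they are filtered out along with blank lines.
pf_rule_count() {
    $PFCTL -s rules 2>/dev/null |
        grep -v -e 'ALTQ' -e '^[[:space:]]*$' | wc -l | tr -d ' '
}

# Parse-only check: with -n nothing is loaded, pfctl only reports errors.
pf_conf_parses() {
    $PFCTL -nf "$PF_CONF" >/dev/null 2>&1
}

# Combine the checks into one verdict line.
# Return codes: 0 rules are loaded, 1 pf is disabled, 2 pf is enabled with an empty ruleset.
pf_diagnose() {
    if [ "$(pf_status)" != "enabled" ]; then
        echo "pf-disabled"
        return 1
    fi
    count=$(pf_rule_count)
    if [ "$count" -gt 0 ]; then
        echo "ok: $count rules loaded"
        return 0
    fi
    if pf_conf_parses; then
        echo "empty-ruleset: $PF_CONF parses cleanly but was never loaded (pfctl -f)"
    else
        echo "empty-ruleset: $PF_CONF has errors (run pfctl -vnf to see them)"
    fi
    return 2
}

# Run as root on the firewall host, after sourcing this file:  pf_diagnose
```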