From owner-freebsd-questions@FreeBSD.ORG Wed May 14 09:30:22 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 05055106566C for ; Wed, 14 May 2008 09:30:22 +0000 (UTC) (envelope-from cybersans@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.227]) by mx1.freebsd.org (Postfix) with ESMTP id CC5FF8FC17 for ; Wed, 14 May 2008 09:30:21 +0000 (UTC) (envelope-from cybersans@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so4895534rvf.43 for ; Wed, 14 May 2008 02:30:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=pXJBq1uHXUexYeAjAEonjTU4dv09x+beNhnL3VOHuZA=; b=opIVkGLwk7B9fl+1D4cVn3z1jsoLDVcoYTG+mZjcb9eQQdA1UOrkz9YOObe55rJu2GiueS0YcL6TLhA7T11fRkgd9DKQXhdBk+rxNzzWnjNSbjN3773ljGqdCS25/JiwP3LO43V2H8cjSoK0ygYvVtPlRkblNJaxQL8/+UDhsGQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=bRkeDUmYcUpxjDJS6WgW+XVdhj7XlE+Re6oaPqcddW2cg4grC+t5PyE2xsfhepw4X8jj8li8BWfjPTtK/8porfrG9OthmUCONxRPlAo0XYtTPMUqAairRndpe6ei+Pne384SCE6Ip8kqUfMNscBK7G9nxQj0lMKu7U1JB4Ox9Bs= Received: by 10.140.203.15 with SMTP id a15mr370207rvg.212.1210757421488; Wed, 14 May 2008 02:30:21 -0700 (PDT) Received: by 10.141.84.20 with HTTP; Wed, 14 May 2008 02:30:21 -0700 (PDT) Message-ID: <15af975d0805140230i6a162aw492fdf9995d7b990@mail.gmail.com> Date: Wed, 14 May 2008 17:30:21 +0800 From: "CyberSans AirBort" To: "Doug Hardie" , freebsd-questions@freebsd.org In-Reply-To: MIME-Version: 1.0 References: <15af975d0805131824i142a4847u852a6ad09f61e526@mail.gmail.com> <15af975d0805140140m588027f7xa77cabb997e2b5bc@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: problem on pf @ freebsd 7.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2008 09:30:22 -0000 oh yes. i did type exactly like that. and still pf didn't load on startup even though it has /etc/rc.d/pf and like i said before, i have to re-load the pf by using /etc/rc.d/pf restart btw, what kind of freebsd's distro that you used without having problem on this pf? 7.0? On Wed, May 14, 2008 at 4:59 PM, Doug Hardie wrote: > > On May 14, 2008, at 01:40, CyberSans AirBort wrote: > > kldstat only shows: > > Id Refs Address Size Name > > 1 7 0xc0400000 910b90 kernel > > 2 1 0xc0d11000 6a32c acpi.ko > > 3 1 0xc6c4f000 22000 linux.ko > > > > yes, i already put: > > pf_load="YES" > > pflog_load="YES" > > pfsync_load="YES" > > inside /boot/loader.conf > > > > and my previous message, i already compile the kernel with pf and put > > appropriate line inside /etc/rc.conf > > > > and the pf still do not loading when freebsd 7.0 boot up. > > > > thank you > > > > On Wed, May 14, 2008 at 2:28 PM, Doug Hardie wrote: > > > > On May 13, 2008, at 18:24, CyberSans AirBort wrote: > > > > hello there. sorry if this similar question been asked before in this > > forum. > > > > my problem is, i install freebsd 7.0 and after that compile the kernel > > to > > enable pf (using the same method like freebsd's handbook said): > > > > device pf > > device pflog > > device pfsync > > > > options ALTQ > > options ALTQ_CBQ > > options ALTQ_RED > > options ALTQ_RIO > > options ALTQ_HFSC > > options ALTQ_CDNR > > options ALTQ_PRIQ > > options ALTQ_NOPCC > > > > and i put everything inside /etc/rc.conf > > > > pf_enable="YES" > > pf_rules="/etc/pf.conf" > > pf_flags="" > > pflog_enable="YES" > > pflog_logfile="/var/log/pflog" > > pflog_flags="" > > > > and guess what? pf is not loading when startup. i have to manually > > restarted > > the pf using /etc/rc.d/pf restart > > > > is that a bug? i never have this kind of problem when using version 5.* > > or > > 6.* > > > > Did you load the kernel extensions: pflog and pf? Use kldstat and make > > sure both of them appear. I had to add pflog_load="YES" to > > /boot/loader.conf to get it to work properly. > > > > pf should be loaded by /etc/rc.d/pf. pflog has to be loaded by you. > Easiest is in /boot/loader.conf as described above. Check the typing very > carefully for the pf commands. Mine are: > > pf_enable="YES" # Enable PF (load module if required) > pf_rules="/etc/pf.conf" # rules definition file for pf > pf_flags="" # additional flags for pfctl startup > > >