Date: Thu, 31 Mar 2005 15:54:22 -0700 From: Pat Maddox <pergesu@gmail.com> To: freebsd-pf@freebsd.org Subject: Problem with PF Message-ID: <810a540e0503311454589ae1cc@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I just got a new server with FreeBSD 5.3 installed, tried to set up PF, and am getting an error when I try to parse the file. I updated to patch release 6, hoping that might solve things, but I still get the error. Here's the error itself: pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor And now for pf.conf: # ------- pf.conf skeleton for server # # --------------- MACRO Section ----------------- EXT_IF="rl0" PING = "echoreq" # --- allowed incoming services initiated by clients TCP_IN = "{ ssh }" #UDP_IN = "{ }" # --- allowed services initiated by server TCP_OUT = "{ ssh, ftp, http, ntp, 5999 }" UDP_OUT = "{ domain, ntp }" # ------------------ TABLE Section -------------- # ------------------ OPTIONS Section set loginterface $EXT_IF # --------- TRAFFIC NORMALIZATION ---------------- scrub in all # ---------- TRANSLATION Section (NAT/RDR) # ---------- FILTER section # --- DEFAULT POLICY block log all # --- LOOPBACK pass quick on lo0 all # ======================= INCOMING ================ # ----------- EXTERNAL INTERFACE # --- TCP pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port $TCP_IN flags S/SA keep state # --- UDP #pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port $UDP_IN keep state # --- ICMP pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type $PING keep state # ======================= OUTGOING ================ # ----------- EXTERNAL INTERFACE # --- TCP pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port $TCP_OUT flags S/SA keep state # --- UDP pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port $UDP_OUT keep state # --- ICMP pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any icmp-type $PING keep state # ----------------- end of pf.conf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?810a540e0503311454589ae1cc>