Date: Fri, 03 Oct 2008 15:05:04 +0200
From: Volker <volker@vwsoft.com>
To: Bruce Cran <bruce@cran.org.uk>
Cc: stable@freebsd.org
Subject: Re: pf rules not being loaded during boot on 7.1-PRERELEASE
Message-ID: <48E61880.903@vwsoft.com>
In-Reply-To: <48E535D3.8000805@cran.org.uk>
References: <48E535D3.8000805@cran.org.uk>

On 12/23/-58 20:59, Bruce Cran wrote:
> I recently upgraded my i386 router from 7.0
> to 7.1-PRERELEASE. I rebooted it today but despite pf_enable="YES"
> being in /etc/rc.conf no rules got loaded during boot, despite pf itself
> having been enabled:
>
> router# pfctl -s rules
> router# pfctl -e -f /etc/pf.conf
> pfctl: pf already enabled
> [connection is closed due to new rules being loaded]
> router# pfctl -s rules
> scrub in all fragment reassemble
> [... lots of rules listed]
>
> Has anyone else seen this problem, or have I just missed something
> that's changed between 7.0 and 7.1 in the way pf works?
>

Hi Bruce,

> # pfctl -sr | wc -l
> 81
> # grep pf /etc/rc.conf
> pf_enable="YES"
> pf_rules="/etc/Firewall/pf-ces.conf"
> pflog_enable="YES"

this is from a very recent 7-STABLE box:

> # uname -a
> FreeBSD cesar.sz.vwsoft.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #46: Tue Sep 30 23:33:36 CEST 2008 root@cesar.sz.vwsoft.com:/usr/obj/usr/src/sys/CESAR i386

Do you mind to show me your rules? What does ``pfctl -gnf /path/to/your/rules'' give?

Volker