From owner-freebsd-pf@FreeBSD.ORG Fri Jan 25 17:54:28 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 551C016A417 for ; Fri, 25 Jan 2008 17:54:28 +0000 (UTC) (envelope-from spomerg@cwu.EDU) Received: from charybdis.cts.cwu.edu (charybdis.cts.cwu.edu [198.104.67.152]) by mx1.freebsd.org (Postfix) with ESMTP id 457AB13C457 for ; Fri, 25 Jan 2008 17:54:28 +0000 (UTC) (envelope-from spomerg@cwu.EDU) Received: from CONVERSION-CWU-DAEMON.CHARYBDIS.CTS.CWU.EDU by CHARYBDIS.CTS.CWU.EDU (PMDF V6.3-x13 #31358) id <01MQI86JIN5S001WKR@CHARYBDIS.CTS.CWU.EDU> for freebsd-pf@freebsd.org; Fri, 25 Jan 2008 09:54:27 -0800 (PST) Received: from hermes.cwu.edu (hermes.cwu.edu [172.16.21.28]) by CHARYBDIS.CTS.CWU.EDU (PMDF V6.3-x13 #31358) with ESMTP id <01MQI86JBUAC001RSI@CHARYBDIS.CTS.CWU.EDU> for freebsd-pf@freebsd.org; Fri, 25 Jan 2008 09:54:27 -0800 (PST) Received: from cwugate1-MTA by hermes.cwu.edu with Novell_GroupWise; Fri, 25 Jan 2008 09:54:27 -0800 Date: Fri, 25 Jan 2008 09:54:19 -0800 From: Gavin Spomer To: freebsd-pf@freebsd.org Message-id: <4799B1CB020000900001301E@hermes.cwu.edu> MIME-version: 1.0 X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: quoted-printable Content-disposition: inline Subject: Re: How does /dev/pf get created? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jan 2008 17:54:28 -0000 I followed your instructions to a "T" and then after I rebooted, I double = checked everything to make sure I didn't do anything stupid. Still no /dev/pf. Running kldstat still shows that = pf.ko didn't get loaded. Trying to load it via your instructions (kldload -v pf) I get: kldload: can't load pf: No such file or directory When I ran this before following your instructions I got something = like: (I'm doing this partially from memory) kldload: can't load pf.ko: File exists That doesn't make a lick of sense to me. Stupid (?) question: Is there a way to manually create /dev/pf or can = it be copied from another system? Thanks for taking the time to help this quasi-newbie. :) - Gavin >>> Jeremy Chadwick 01/25/08 9:08 AM >>> 1) Remove the following lines from your kernel configuration: device pf device pflog device pfsync options ALTQ And replace them with just these: # pf altq support options ALTQ options ALTQ_CBQ # Class Bases Queueing options ALTQ_RED # Random Early Drop options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build options ALTQ_DEBUG 2) Remove pf-related lines from /etc/rc.conf and use these instead: pf_enable=3D"yes" pflog_enable=3D"yes" 3) Rebuild your kernel and reboot; remove the KERNCONF=3Dxxx stuff if you went ahead and added the KERNCONF=3Dxxx line to /etc/make.conf. cd /usr/src make buildkernel KERNCONF=3Dwhatever make installkernel KERNCONF=3Dwhatever reboot 4) See if pf loads after that. I'm left thinking there's some bizarre situation where since you have the "device pf" (and related stuff) in your kernel config hard-coded, the rc.d/pf script isn't properly initialising pf. I can assure you that the above steps described are *exactly* what we use on our RELENG_6 production systems with pf, and we've never run into any trouble.