pfctl -s rules

Fleuriot Damien ml at my.gd
Fri Nov 30 12:23:21 UTC 2012


On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncalves at yahoo.com.br> wrote:

> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz <laszlo_danielisz at yahoo.com> wrote:
>> 
>>> Hi Everybody,
>>> 
>>> Recently I've discovered the following issue: I can't display my firewall's rules, and the firewall is enabled.
>>> Take a look at what is happening:
>>> 
>>> ktulu# pfctl -s rules
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> ktulu# pfctl -e
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> pfctl: pf already enabled
>>> 
>>> ktulu# uname -a
>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012     root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>>> 
>>> 
>>> 
>>> Do you have any idea why I can not see them?
>>> 
>>> Thx!
>>> Laszlo
>> 
>> 
>> Actually, I believe you can see your rules, all the 0 of them.
>> 
>> Try pfctl -nf /etc/pf.conf
>> 
>> See if you have an error when loading the rules, that would explain it all.
>> 
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> # pfctl -s all
> 
> the device is loaded?
> 
> # kldload pf.ko
> 
> or recompile the kernel
> 
> device pf
> device pflog
> device pfsync
> 
> after that reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
> 
> Sorry, my English sucks.
> 
> -- 
> Regards,
> Tiago Felipe Gonçalves.
> IT Infrastructure Manager.
> +55 19 99196494


His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.

I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)

Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules; the -n flag makes it only parse the rules and show errors.
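
The triage discussed in this thread, as an added example that is not part of the original messages: it separates "pf enabled with zero rules loaded" from "pf enabled with a ruleset", and only then runs the parse-only check. The function names are hypothetical, the sample outputs used to exercise them are constructed, and /etc/pf.conf is the path used in the thread.

```shell
#!/bin/sh
# Added example: triage for "pf is enabled but `pfctl -s rules` prints nothing".
# The helpers read captured pfctl output, so the logic can be checked offline.

# Count rules in `pfctl -s rules` output (stdin), skipping blank lines and ALTQ notices.
count_rules() {
    grep -v -e '^[[:space:]]*$' -e '^No ALTQ support in kernel' \
            -e '^ALTQ related functions disabled' | wc -l | tr -d ' '
}

# Succeed when `pfctl -s info` output (stdin) reports that pf is enabled.
pf_enabled() {
    grep -q '^Status: Enabled'
}

# classify <info-output> <rules-output>: print a one-word verdict.
classify() {
    if ! printf '%s\n' "$1" | pf_enabled; then
        echo disabled
    elif [ "$(printf '%s\n' "$2" | count_rules)" -eq 0 ]; then
        echo enabled-empty      # pf is on, but no rule is loaded: nothing is filtered
    else
        echo enabled-loaded
    fi
}

# Live check on a FreeBSD host (run as root): call `triage` or `triage /path/to/pf.conf`.
triage() {
    conf=${1:-/etc/pf.conf}
    verdict=$(classify "$(pfctl -s info 2>/dev/null)" "$(pfctl -s rules 2>/dev/null)")
    echo "pf state: $verdict"
    [ "$verdict" = enabled-empty ] || return 0
    # -n only parses the file: it reports errors but never changes the loaded ruleset.
    if pfctl -nf "$conf"; then
        echo "$conf parses cleanly; load it with: pfctl -f $conf"
    else
        echo "$conf has errors; fix them, then load it with: pfctl -f $conf"
    fi
}
```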


