Big problems with PF on freeBSD 6.2

Erik Norgaard norgaard at locolomo.org
Sun Feb 11 12:57:16 UTC 2007


Tim T Bos wrote:
> Hi Erik,
> 
> I used a GENERIC kernel as well as a custom kernel.
> Both have the same behavior.
> 
> I even tried a default install without any extra boot options.
> 
> On FreeBSD 5.5 I didn't have this problem.
> 
> I'm going to try to log all actions.
> 
> I must do something seriously wrong.....

I think it is probably just a typo that you've gone blind to.

I suggest you stick with the GENERIC kernel until you have things 
figured out, that way we all know what you're talking about. There 
should be no loading of pf related modules in your loader.conf, in 
rc.conf you should have:

# Packet Filter
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

You should not have any of the firewall_ options set; these apply to ipfw.

Then make a simple rule set:

# Default action (this rule will never match)
block log all
# Your pass rules go here

# Catch anything that falls through here:
block log quick all

The last rule is obviously not needed, but I like to have it just in 
case there is something I missed.

Do

# tcpdump -n -e -ttt -i pflog0

To watch live what happens (make sure that pflog is up and running).

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
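
An added example, not part of the original message: a small sh function that checks rc.conf and loader.conf against the setup recommended above (pf and pflog enabled, no firewall_ options, no pf modules loaded from loader.conf). The helper names and the sample files are constructed for illustration, and the pf_load, pflog_load and pfsync_load names are assumed from the usual <module>_load convention.

```sh
#!/bin/sh
# Added example (not from the original message). check_pf_config and rc_value
# are hypothetical helper names.

# Print the last value assigned to KEY in FILE (quotes and comments stripped).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Usage: check_pf_config [rc.conf] [loader.conf]; returns the number of problems.
check_pf_config() {
    rc=${1:-/etc/rc.conf}
    loader=${2:-/boot/loader.conf}
    problems=0

    # pf and pflog must both be switched on in rc.conf.
    for key in pf_enable pflog_enable; do
        val=$(rc_value "$rc" "$key")
        case "$val" in
            [Yy][Ee][Ss]) ;;
            *) echo "FAIL: $key is '${val:-unset}', expected YES"
               problems=$((problems + 1)) ;;
        esac
    done

    # firewall_* options configure ipfw and should not be set when using pf.
    if grep -Eq '^[[:space:]]*firewall_[a-z_]+=' "$rc"; then
        echo "FAIL: firewall_ (ipfw) options are set in $rc"
        problems=$((problems + 1))
    fi

    # No pf-related modules should be loaded from loader.conf. The names
    # pf_load, pflog_load and pfsync_load are assumed from the usual
    # <module>_load convention.
    if [ -f "$loader" ] && grep -Eq '^[[:space:]]*pf(log|sync)?_load=' "$loader"; then
        echo "FAIL: pf module loaded from $loader"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: configuration matches the recommended setup"
    return "$problems"
}

# Constructed sample: an rc.conf mixing pf with a leftover ipfw option.
sample=$(mktemp -d)
printf '%s\n' 'pf_enable="YES"' 'pf_rules="/etc/pf.conf"' 'firewall_enable="YES"' > "$sample/rc.conf"
printf '%s\n' 'pf_load="YES"' > "$sample/loader.conf"
check_pf_config "$sample/rc.conf" "$sample/loader.conf" || echo "problems found: $?"
```

Run without arguments on the firewall host, it reads /etc/rc.conf and /boot/loader.conf.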

More information about the freebsd-questions mailing list