PF rules not loading
Henrik Hudson
lists at rhavenn.net
Fri Sep 4 17:16:49 UTC 2009
Hey List,
I just finished supping to 8-BETA3 and after a reboot I noticed
that my PF rules weren't loading and hence NAT wasn't working for
internal clients, not to mention no firewall :)
This might not be specific to BETA3, but it's the first time I
noticed it concretely. I did have a power outage last week where
after a power-on I had to run pfctl -f /etc/pf.conf to get NAT working
again. This was under BETA2.
uname: FreeBSD cerberus.domain.local 8.0-BETA3 FreeBSD 8.0-BETA3
#1: Fri Sep 4 02:35:38 AKDT 2009
root at cerberus.domain.local:/usr/obj/usr/src/sys/CERBERUS amd64
The kernel is 99% stock with the only changes being the IDENT and
adding PF and ALTQ specific items.
rc.conf:
#firewall -pf
pf_enable="YES"                 # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_program="/sbin/pfctl"        # where the pfctl program lives
pf_flags=""                     # additional flags for pfctl
pflog_enable="YES"              # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_program="/sbin/pflogd"    # where the pflogd program lives
pflog_flags=""                  # additional flags for pflogd
pfsync_enable="NO"              # Expose pf state to other hosts for syncing
pfsync_syncdev=""               # Interface for pfsync to work through
pfsync_ifconfig=""              # Additional options to ifconfig(8) for pfsync
Manually running /etc/rc.d/pf start works fine and doesn't show
any errors.
Any further steps to troubleshoot this / check this?
Hardware is an Atom-based mobo with the onboard re0 and then an xl0 PCI
card. re0 is internal facing and the xl0 is a DHCP external from my
ISP.
Henrik
--
Henrik Hudson
lists at rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF
More information about the freebsd-current
mailing list