Problem with PF

Pat Maddox pergesu at gmail.com
Thu Mar 31 15:42:02 PST 2005 

It looks like the error happens as soon as I reference an interface. 
Even if I just make my config file:
pass quick on lo0 all

I get the error.  So something's messed up...I've just got no idea
what.  Here are the results of ifconfig, to hopefully provide some
more info:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 69.61.54.162 netmask 0xfffffff8 broadcast 69.61.54.167
        inet6 fe80::20c:6eff:fe44:4391%rl0 prefixlen 64 scopeid 0x1 
        ether 00:0c:6e:44:43:91
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2


On Thu, 31 Mar 2005 15:54:22 -0700, Pat Maddox <pergesu at gmail.com> wrote:
> I just got a new server with FreeBSD 5.3 installed, tried to set up
> PF, and am getting an error when I try to parse the file.  I updated
> to patch release 6, hoping that might solve things, but I still get
> the error.  Here's the error itself:
> 
> pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
> 
> And now for pf.conf:
> 
> # ------- pf.conf skeleton for server
> #
> # --------------- MACRO Section  -----------------
> 
> EXT_IF="rl0"
> 
> PING = "echoreq"
> 
> # --- allowed incoming services initiated by clients
> 
> TCP_IN = "{ ssh }"
> #UDP_IN = "{  }"
> 
> # --- allowed services initiated by server
> 
> TCP_OUT = "{ ssh, ftp, http, ntp, 5999 }"
> UDP_OUT = "{ domain, ntp }"
> 
> # ------------------ TABLE Section --------------
> 
> # ------------------ OPTIONS Section
> set loginterface $EXT_IF
> 
> # --------- TRAFFIC NORMALIZATION ----------------
> scrub in all
> # ---------- TRANSLATION Section (NAT/RDR)
> 
> # ---------- FILTER section
> 
> # --- DEFAULT POLICY
> block log all
> 
> # --- LOOPBACK
> pass quick on lo0 all
> 
> # ======================= INCOMING ================
> # ----------- EXTERNAL INTERFACE
> 
> # --- TCP
> pass in quick on $EXT_IF inet proto tcp from any to $EXT_IF port
> $TCP_IN flags S/SA keep state
> 
> # --- UDP
> #pass in quick on $EXT_IF inet proto udp from any to $EXT_IF port
> $UDP_IN keep state
> 
> # --- ICMP
> pass in quick on $EXT_IF inet proto icmp from any to $EXT_IF icmp-type
> $PING keep state
> 
> # ======================= OUTGOING ================
> # ----------- EXTERNAL INTERFACE
> 
> # --- TCP
> pass out quick on $EXT_IF inet proto tcp from $EXT_IF to any port
> $TCP_OUT flags S/SA  keep state
> 
> # --- UDP
> pass out quick on $EXT_IF inet proto udp from $EXT_IF to any port
> $UDP_OUT keep state
> 
> # --- ICMP
> pass out quick on $EXT_IF inet proto icmp from $EXT_IF to any
> icmp-type $PING keep state
> 
> # ----------------- end of pf.conf
>

More information about the freebsd-pf mailing list