pf starts, but no rules
Dan Langille
dan at langille.org
Tue Feb 13 00:46:18 UTC 2007
On 10 Feb 2007 at 13:53, Kian Mohageri wrote:
> On 2/10/07, Dan Langille <dan at langille.org> wrote:
> >
> > Hi folks,
> >
> > Yesterday I rebooted a server to load a new kernel. After the
> > reboot, the firewall rules were not loaded.
> >
> > $ grep pf /etc/rc.conf
> > pf_enable="YES"
> > pflog_enable="YES"
> > pf_rules="/etc/pf.rules"
> >
> > I never checked for the rules until today and found this:
> >
> >
> >
> > [dan at nyi:~] $ sudo pfctl -sa | less
> > Password:
> > No ALTQ support in kernel
> > ALTQ related functions disabled
> > FILTER RULES:
> >
> > INFO:
> > Status: Enabled for 0 days 19:59:39 Debug: None
> >
> > Hostid: 0x36eae8cf
> >
> > State Table Total Rate
> > current entries 0
> > searches 5515422 76.6/s
> >
> > etc...
> >
> > Loading the rules manually works:
> >
> > [dan at nyi:~] $ sudo pfctl -f /etc/pf.rules
> > No ALTQ support in kernel
> > ALTQ related functions disabled
> > [dan at nyi:~] $
> >
> > After loading, pfctl -sa shows the output I would expect.
> >
> > Ideas? Suggestions?
> >
> > Is anyone else using PF with a pf_rules specified?
> >
> > FWIW, I notice I have one host identified by FQDN in my rules.
>
>
>
> I had this problem as well, and it is because at the time the pf rules are
> loaded, the FQDN cannot be resolved. I believe that is because of the
> "BEFORE: routing" dependency in /etc/rc.d/pf.
Interesting... I just tried to reproduce the problem on a test
server, and was unable to. I'll keep trying.
--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/
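The explanation in the quoted reply is that /etc/rc.d/pf runs before routing (and therefore before DNS) is available, so any rule that names a host by FQDN cannot be resolved at boot and the whole ruleset fails to load. A defender wants to catch that before the next reboot rather than after it. The following POSIX shell script is an added example, not code from the thread or from FreeBSD: it scans a pf rules file for tokens that look like DNS names (letters plus dots, not IPv4 literals, CIDR blocks, macros or files) so the check works even when DNS is down. The rules file it creates is constructed sample data, not the poster's /etc/pf.rules, and the address 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and admin.example.org are documentation placeholders.

```shell
#!/bin/sh
# Added example: find hostnames in a pf ruleset that would need DNS at load
# time. Not part of the mailing-list post; sample rules are constructed.

# Print every token in the rules file that looks like a DNS name
# (dot-separated labels containing at least one letter), one per line.
# Comments are stripped first; IPv4 literals such as 192.0.2.10 have no
# letters and are dropped; CIDR blocks, $macros, (interface) and /paths
# contain characters the pattern does not allow, so they never match.
pf_hostnames() {
    sed -e 's/#.*$//' "$1" \
      | tr -s ' \t{},' '\n' \
      | grep -E '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$' \
      | grep -E '[A-Za-z]' \
      | sort -u
}

# Return 0 if the ruleset is safe to load before DNS is up, 1 otherwise,
# naming each offending hostname so it can be replaced by an address or
# moved into a table that is populated after the network is up.
check_rules_for_boot() {
    names=$(pf_hostnames "$1")
    if [ -n "$names" ]; then
        printf 'rules in %s depend on DNS at load time:\n' "$1" >&2
        printf '  %s\n' $names >&2
        return 1
    fi
    return 0
}

# Write a constructed rules file (sample data, not /etc/pf.rules) and
# print its path; the caller removes it.
sample_rules_file() {
    f="${TMPDIR:-/tmp}/pf_rules_example.$$"
    cat > "$f" <<'EOF'
ext_if = "em0"
table <admins> { 192.0.2.10, 203.0.113.0/24 }   # address literals: fine at boot
block in on $ext_if all
# admin.example.org must be resolved when the ruleset is loaded
pass in on $ext_if proto tcp from admin.example.org to ($ext_if) port 22 keep state
pass in on $ext_if proto tcp from 198.51.100.7 to any port 80
EOF
    printf '%s\n' "$f"
}

# Stand-alone run: report on the sample file and clean up.
rules=$(sample_rules_file)
check_rules_for_boot "$rules" || true
rm -f "$rules"
```

Run it against the real file with `check_rules_for_boot /etc/pf.rules` (assumed path from the quoted rc.conf) before rebooting; a dry run with `pfctl -nf` is not a substitute here, because the parser resolves names at that point too and only fails if DNS happens to be unavailable at the moment you test.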