pfctl -s rules

Tiago Felipe tfgoncalves at yahoo.com.br
Fri Nov 30 12:43:17 UTC 2012


On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> On Nov 30, 2012, at 1:20 PM, Tiago Felipe<tfgoncalves at yahoo.com.br>  wrote:
>
>> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<laszlo_danielisz at yahoo.com>   wrote:
>>>
>>>> Hi Everybody,
>>>>
>>>> Recently I've discovered the following issue: I can't display my firewall's rules, and the firewall is enabled.
>>>> Take a look at what is happening:
>>>>
>>>> ktulu# pfctl -s rules
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>> ktulu# pfctl -e
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>> pfctl: pf already enabled
>>>>
>>>> ktulu# uname -a
>>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012     root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>>>>
>>>>
>>>>
>>>> Do you have any idea why I can not see them?
>>>>
>>>> Thx!
>>>> Laszlo
>>>
>>> Actually, I believe you can see your rules, all the 0 of them.
>>>
>>> Try pfctl -nf /etc/pf.conf
>>>
>>> See if you have an error when loading the rules, that would explain it all.
>>>
>> # pfctl -s all
>>
>> Is the device loaded?
>>
>> # kldload pf.ko
>>
>> or recompile the kernel
>>
>> device pf
>> device pflog
>> device pfsync
>>
>> After that, reload the rules with # pfctl -nf /etc/pf.conf and see if something changes.
>>
>> Sorry, my English sux.
>>
>> -- 
>> Att,
>> Tiago Felipe Gonçalves.
>> Gerente de Infraestrutura de TI.
>> +55 19 99196494
>
> His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
>
> I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
>
> Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
>
Sorry for my failure with the -n flag, I've seen mistakes on small
things, it doesn't cost to check =]
But -nf will show errors, rc.conf will be useful, and pfctl -s all gives
us a lot of info.

-- 
Att,
Tiago.
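
The checks suggested in this thread, combined into one script as an added example (not part of the original messages): it separates "pf disabled", "rules loaded", and the two empty-ruleset cases, which matter because an enabled pf with no rules loaded passes all traffic. The diagnosis labels and function names are hypothetical, and the sample output strings are constructed.

```shell
#!/bin/sh
# Added example: classify the pf state discussed in the thread from pfctl output.
# Sample strings below are constructed, not captured from a real host.

# Count loaded rules in `pfctl -s rules` output, ignoring blank lines and the
# two ALTQ notices pfctl prints on kernels built without ALTQ.
count_rules() {
    printf '%s\n' "$1" |
        grep -v -e '^No ALTQ support in kernel$' \
                -e '^ALTQ related functions disabled$' \
                -e '^[[:space:]]*$' |
        wc -l | tr -d ' '
}

# True when `pfctl -s info` output reports pf as enabled.
pf_enabled() {
    case "$1" in
        *"Status: Enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose INFO_OUTPUT RULES_OUTPUT PARSE_EXIT_CODE
# PARSE_EXIT_CODE is the exit status of `pfctl -nf /etc/pf.conf`, which only
# parses the file and never loads it.
diagnose() {
    if ! pf_enabled "$1"; then echo "pf-disabled"; return 0; fi
    if [ "$(count_rules "$2")" -gt 0 ]; then echo "rules-loaded"; return 0; fi
    if [ "$3" -ne 0 ]; then
        echo "empty-ruleset-config-error"         # fix pf.conf, then pfctl -f
    else
        echo "empty-ruleset-config-ok-not-loaded" # check pf_rules in rc.conf
    fi
}

# Constructed sample matching the original report: pf enabled, no rules listed.
SAMPLE_INFO='Status: Enabled for 0 days 00:05:10           Debug: Urgent'
SAMPLE_RULES='No ALTQ support in kernel
ALTQ related functions disabled'

echo "sample: $(diagnose "$SAMPLE_INFO" "$SAMPLE_RULES" 0)"

# Live use on the firewall host, as root:
#   pfctl -nf /etc/pf.conf >/dev/null 2>&1; rc=$?
#   diagnose "$(pfctl -s info 2>&1)" "$(pfctl -s rules 2>&1)" "$rc"
```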


