Big problems with PF on freeBSD 6.2

Erik Norgaard norgaard at
Sat Feb 10 15:15:15 UTC 2007

Tim T Bos wrote:
> Hi Guys,
> I have a problem with PF.  Normally when I load pf.ko it uses deny all
> as default.
> But if i compile it in the kernel or load it as a module both it won't work.
> If a have only one rule "block all" or "block all on ext_if" I can still
> go on the internet and if I portscan my computer i get most ports closed
> and some by my isp filtered ports (137 139 and some onher MS ports).
> I tried a clean install of freebsd 6.2 with the latest  stable source
> ass well.

you mean "as well" :)

Do you use a GENERIC kernel? If you have a custom kernel or try to set 
special options for pf post those options. Also, post any boot options 
that toggle pf behaviour.

The default behaviour of pf is "pass all", I don't remember if there is 
a boot option or similar to change this.

But anyway, I think it is better to go with the default and set your 
desired default action explicitly as the first rule in your rule set. 
Try a GENERIC kernel and see if packets are blocked correctly by a 
"block log all" rule.

In any case, you should add "log" to your rules for debugging, so you 
can see if ruleset is matched and where packets are blocked or passed.

Cheers, Erik

Ph: +34.666334818                      web:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3408 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the freebsd-questions mailing list