Big problems with PF on FreeBSD 6.2

Tim T Bos flyweight at casema.nl
Sat Feb 10 15:47:37 UTC 2007


Hi Erik,

I used a GENERIC kernel as well as a custom kernel.
Both have the same behavior.

I even tried a default install without any extra boot options.

On FreeBSD 5.5 I didn't have this problem.

I'm going to try to log all actions.

I must be doing something seriously wrong...

Thanks anyway

Erik Norgaard wrote:
> Tim T Bos wrote:
>> Hi Guys,
>>
>> I have a problem with PF.  Normally when I load pf.ko it uses deny all
>> as default.
>> But if I compile it into the kernel or load it as a module, in both cases
>> it won't work.
>> If I have only one rule "block all" or "block all on ext_if" I can still
>> go on the internet, and if I portscan my computer I get most ports closed
>> and some ports filtered by my ISP (137, 139 and some other MS ports).
>>
>> I tried a clean install of FreeBSD 6.2 with the latest stable source
>> ass well.
>
> you mean "as well" :)
>
> Do you use a GENERIC kernel? If you have a custom kernel or try to set
> special options for pf post those options. Also, post any boot options
> that toggle pf behaviour.
>
> The default behaviour of pf is "pass all", I don't remember if there
> is a boot option or similar to change this.
>
> But anyway, I think it is better to go with the default and set your
> desired default action explicitly as the first rule in your rule set.
> Try a GENERIC kernel and see if packets are blocked correctly by a
> "block log all" rule.
>
> In any case, you should add "log" to your rules for debugging, so you
> can see if ruleset is matched and where packets are blocked or passed.
>
> Cheers, Erik
>
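
One way to check the three things this thread turns on (is pf enabled, is a ruleset loaded, is the first filter rule an explicit logged block-all), as an added example that is not part of the original messages. The function name pf_diagnose and the sample outputs are constructed for illustration; the matched strings assume the normalized form pfctl prints for "block log all".

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real host).
SAMPLE_DISABLED='Status: Disabled                              Debug: Urgent'
SAMPLE_ENABLED='Status: Enabled for 0 days 00:04:12           Debug: Urgent'
SAMPLE_RULES='scrub in all fragment reassemble
block drop log all'

# pf_diagnose STATUS_TEXT RULES_TEXT
#   STATUS_TEXT: output of `pfctl -s info`
#   RULES_TEXT:  output of `pfctl -s rules`
# Prints one finding and returns:
#   0 = explicit default deny with logging is in force
#   1 = pf is not enabled          2 = no filter rules loaded
#   3 = first filter rule is not a block-all
#   4 = block-all is first but has no "log" keyword
pf_diagnose() {
    status=$1
    rules=$2
    # Loading pf.ko alone does not filter; pf must also be enabled.
    case $status in
        *"Status: Enabled"*) ;;
        *) echo "pf is not enabled: run pfctl -e"; return 1 ;;
    esac
    # First filter rule: drop blank lines and scrub rules, trim indentation.
    first=$(printf '%s\n' "$rules" |
        sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^scrub/d' | head -n 1)
    # Enabled with an empty ruleset means the implicit default: pass all.
    if [ -z "$first" ]; then
        echo "no filter rules loaded: run pfctl -f /etc/pf.conf"
        return 2
    fi
    case $first in
        "block log all"|"block drop log all"|"block return log all")
            echo "default deny with logging is active"; return 0 ;;
        "block all"|"block drop all"|"block return all")
            echo "block-all has no log keyword: $first"; return 4 ;;
        *)
            echo "first filter rule is not a block-all: $first"; return 3 ;;
    esac
}

# On a live system (as root):
#   pf_diagnose "$(pfctl -s info)" "$(pfctl -s rules)"
```

With result 0, blocked packets can then be watched on the pflog0 interface, for example with tcpdump -n -e -ttt -i pflog0.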




More information about the freebsd-questions mailing list