pf rules not being loaded during boot on 7.1-PRERELEASE
Volker
volker at vwsoft.com
Fri Oct 3 13:22:23 UTC 2008
On 12/23/-58 20:59, Bruce Cran wrote:
> I recently upgraded my i386 router from 7.0
> to 7.1-PRERELEASE. I rebooted it today but despite pf_enable="YES"
> being in /etc/rc.conf no rules got loaded during boot, despite pf itself
> having been enabled:
>
> router# pfctl -s rules
> router# pfctl -e -f /etc/pf.conf
> pfctl: pf already enabled
> [connection is closed due to new rules being loaded]
> router# pfctl -s rules
> scrub in all fragment reassemble
> [... lots of rules listed]
>
> Has anyone else seen this problem, or have I just missed something
> that's changed between 7.0 and 7.1 in the way pf works?
>
Hi Bruce,
> # pfctl -sr | wc -l
> 81
> # grep pf /etc/rc.conf
> pf_enable="YES"
> pf_rules="/etc/Firewall/pf-ces.conf"
> pflog_enable="YES"
this is from a very recent 7-STABLE box:
> # uname -a
> FreeBSD cesar.sz.vwsoft.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #46: Tue Sep 30 23:33:36 CEST 2008 root at cesar.sz.vwsoft.com:/usr/obj/usr/src/sys/CESAR i386
Do you mind showing me your rules? What does ``pfctl -gnf
/path/to/your/rules'' give?
Volker