On Nov 30, 2012, at 1:20 PM, Tiago Felipe <[email protected]> wrote:
> On 11/30/2012 09:02 AM, Fleuriot Damien wrote: >> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<[email protected]> >> wrote: >> >>> Hi Everybody, >>> >>> Recently I've discover the following issues: I can't display my firewalls >>> rules, and the firewall is enabled. >>> Take a look what is happening: >>> >>> ktulu# pfctl -s rules >>> No ALTQ support in kernel >>> ALTQ related functions disabled >>> ktulu# pfctl -e >>> No ALTQ support in kernel >>> ALTQ related functions disabled >>> pfctl: pf already enabled >>> >>> ktulu# uname -a >>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon >>> Jun 11 23:52:38 UTC 2012 >>> [email protected]:/usr/obj/usr/src/sys/GENERIC i386 >>> >>> >>> >>> Do you have any idea why I can not see them? >>> >>> Thx! >>> Laszlo >> >> >> Actually, I believe you can see your rules, all the 0 of them. >> >> Try pfctl -nf /etc/pf.conf >> >> See if you have an error when loading the rules, that would explain it all. >> >> _______________________________________________ >> [email protected] mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "[email protected]" > # pfctl -s all > > the device is loaded? > > # kldload pf.ko > > or recompile the kernel > > device pf > device pflog > device pfsync > > after that reload the rules wtih # pfctl -nf /etc/pf.conf and see if change > something. > > sorry, my english sux. > > -- > Att, > Tiago Felipe Gonçalves. > Gerente de Infraestrutura de TI. > +55 19 99196494 His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config. I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;) Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
