Re: pfctl -s rules

Fri, 30 Nov 2012 04:43:30 -0800 

On 11/30/2012 10:23 AM, Fleuriot Damien wrote:

On Nov 30, 2012, at 1:20 PM, Tiago Felipe<[email protected]>  wrote:


On 11/30/2012 09:02 AM, Fleuriot Damien wrote:

On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<[email protected]>   
wrote:


Hi Everybody,

Recently I've discover the following issues: I can't display my firewalls 
rules, and the firewall is enabled.
Take a look what is happening:

ktulu# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
ktulu# pfctl -e
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled

ktulu# uname -a
FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 
23:52:38 UTC 2012     
[email protected]:/usr/obj/usr/src/sys/GENERIC  i386



Do you have any idea why I can not see them?

Thx!
Laszlo


Actually, I believe you can see your rules, all the 0 of them.

Try pfctl -nf /etc/pf.conf

See if you have an error when loading the rules, that would explain it all.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"

# pfctl -s all

the device is loaded?

# kldload pf.ko

or recompile the kernel

device pf
device pflog
device pfsync

after that reload the rules wtih # pfctl -nf /etc/pf.conf and see if change 
something.

sorry, my english sux.

--
Att,
Tiago Felipe Gonçalves.
Gerente de Infraestrutura de TI.
+55 19 99196494


His pfctl -si shows pf is enabled so either the module loaded fine, or he has 
device pf in his kernel config.

I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)

Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n 
flag makes it only parse the rules and show errors.
sorry for my failure with -n flag, i've seen mistakes on small things,not cost check =] but -nf will show errors, rc.conf will be useful and pfctl -s all, give us a lot of info about. 

--
Att,
Tiago.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"

Reply via email to