2009/3/9 J.C. Roberts <list-...@designtools.org>:
> On Sun, 8 Mar 2009 16:01:57 -0700 Hilco Wijbenga
> <hilco.wijbe...@gmail.com> wrote:
>
>> I have pf running on my firewall box and I'm experiencing some strange
>> behaviour. After several hours (this may even be 24 hours) of
>> functioning normally, pf seems to reload its default rules which means
>> that from that point on all traffic is blocked. A simple "pfctl -f
>> /etc/pf.conf" fixes the problem but it is very annoying.
>
> ummm... no. Think about it for a moment. The default rules *are* stored
> in /etc/pf.conf -- the very same file you are manually reloading, so
> it's obviously not magically reloading the "default rules" as you claim.
Ah, different semantics. :-) By "default rules" I mean whatever pf does
*without* an /etc/pf.conf. Probably something like "block all".

> What kind of connection are you running?
> Is your public IP address static or dynamic?
> More importantly, are you running some sort of
> tunneling/authentication such as PPPoE or similar?

I use DHCP so my IP can change. It's not particularly "public" though. My
ISP gives me an IP in 192.168.1.*. :-( (A smart move on their part, I
guess [no more running out of IPv4 addresses for them] but not very
useful to me.)

> In short my first guess is your IP is changing every 24 hours or so due
> to your service provider using dynamic addressing (and trying to
> prevent you from having a particular IP for too long). If I'm right,
> then your problem is that pf is holding on to the old rules for your
> old IP address even though your IP had changed. In other words, you
> have a configuration error.

That definitely makes sense. However, I thought that by referring to an
interface instead of an IP I was protected from that? I mean, it's fairly
common to have a dynamic IP, is it not?

Cheers,
Hilco
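As an added illustration (not part of this thread), the pf.conf distinction behind Hilco's last question: a bare interface name in a rule is expanded to the address the interface holds when the ruleset is loaded, while the same name in parentheses is tracked by pf as the address changes. The interface name em0, the LAN prefix 192.168.2.0/24 and the ssh service are assumptions.

```pf
# Added example, not from the thread. Assumes the external interface is
# em0 (DHCP-assigned address) and the LAN behind the firewall is
# 192.168.2.0/24.
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.2.0/24"

set skip on lo0
block all

# Fragile form: "$ext_if" used as an address is expanded to em0's address
# at load time. When the DHCP lease later hands out a different address,
# these rules still name the old one, nothing matches, and "block all"
# wins until the file is reloaded with "pfctl -f /etc/pf.conf".
#
#   nat on $ext_if from $lan_net to any -> $ext_if
#   pass in on $ext_if proto tcp to $ext_if port ssh

# Tracked form: "($ext_if)" is updated by pf whenever em0's address
# changes, so the ruleset survives a lease change without a reload.
# (nat rule in the pre-OpenBSD 4.7 syntax that matches the 2009 date of
# this thread; newer releases express it as "match out on $ext_if from
# $lan_net to any nat-to ($ext_if)".)
nat on $ext_if from $lan_net to any -> ($ext_if)

pass in  on $ext_if proto tcp to ($ext_if) port ssh
pass out on $ext_if from ($ext_if)

# LAN side; the internal address is static, so no parentheses needed.
pass in  on $int_if from $lan_net
pass out on $int_if to $lan_net

# Check after loading: "pfctl -sr" prints the tracked rules with "(em0)"
# in place of an address, whereas the fragile form shows the literal
# address that was current at load time and will go stale.
```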