Re: pf question
On Tue, 9 Sep 2008 00:17:39 -0500 (CDT) Scott Bennett <[EMAIL PROTECTED]> wrote:

> I'm just starting to play around with pf to get it to handle NAT
> for a LAN, and I've just discovered that I don't know how to get pf
> to reload /etc/pf.conf after I make changes to it. "pfctl -d -e"
> doesn't do it, and neither does "pfctl -d; pfctl -e". Is there a way
> to do it besides rebooting?

/etc/rc.d/pf reload

--
Bruce Cran

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pf question
On Tue, Sep 9, 2008 at 8:17 AM, Scott Bennett <[EMAIL PROTECTED]> wrote:

> I'm just starting to play around with pf to get it to handle NAT for
> a LAN, and I've just discovered that I don't know how to get pf to reload
> /etc/pf.conf after I make changes to it. "pfctl -d -e" doesn't do it, and
> neither does "pfctl -d; pfctl -e". Is there a way to do it besides rebooting?

pfctl -f /etc/pf.conf

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

--
regards,
Artis Caune
<. CCNA <| <' didii FreeBSD
RE: pf question
pfctl -f /etc/pf.conf    # loads the pf.conf file
pfctl -Nf /etc/pf.conf   # Load only the NAT rules from the file
pfctl -Rf /etc/pf.conf   # Load only the filter rules from the file

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Bennett
Sent: Tuesday, September 09, 2008 1:18 PM
To: freebsd-questions@freebsd.org
Subject: pf question

I'm just starting to play around with pf to get it to handle NAT for
a LAN, and I've just discovered that I don't know how to get pf to reload
/etc/pf.conf after I make changes to it. "pfctl -d -e" doesn't do it, and
neither does "pfctl -d; pfctl -e". Is there a way to do it besides rebooting?

Please copy me in directly on any replies. I'm subscribed to the digest form of this list, so I get all the messages at once, usually once a day, so I'll see the responses much sooner if they come to me directly as well as to the list.

Thanks much!

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
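Putting the replies together, here is an added example script (not from the thread, and not FreeBSD's rc.d/pf) that wraps the reload so a file that fails to parse is never handed to the kernel: `pfctl -n` parses the file without loading it, and the `-N`/`-R` selectors from the message above load just the NAT or filter subset. The `PFCTL` variable is a hypothetical override so the function can be exercised with a stand-in for pfctl(8); it defaults to `pfctl`.

```shell
#!/bin/sh
# Reload pf rules from a file without disabling the firewall.
# Added example. PFCTL is an assumed override (defaults to pfctl) so the
# function can be driven with a stand-in on a machine without pf.
PFCTL="${PFCTL:-pfctl}"

# pf_reload [FILE] [all|nat|filter]
#   all    -> pfctl -f FILE      (whole ruleset, the default)
#   nat    -> pfctl -N -f FILE   (only the nat/rdr rules)
#   filter -> pfctl -R -f FILE   (only the filter rules)
pf_reload() {
    conf="${1:-/etc/pf.conf}"
    what="${2:-all}"
    case "$what" in
        all)    flag= ;;
        nat)    flag=-N ;;
        filter) flag=-R ;;
        *)
            echo "pf_reload: unknown selector '$what' (use all, nat or filter)" >&2
            return 2 ;;
    esac
    # -n parses the file but does not touch the running ruleset, so a typo
    # is caught here and the kernel keeps the rules it already has.
    if ! "$PFCTL" -n $flag -f "$conf"; then
        echo "pf_reload: $conf failed to parse; running ruleset unchanged" >&2
        return 1
    fi
    "$PFCTL" $flag -f "$conf"
}

# usage (on the firewall itself):
#   . ./pfreload.sh
#   pf_reload /etc/pf.conf            # full reload
#   pf_reload /etc/pf.conf filter     # re-read only the filter rules
```

`pfctl -f` replaces the ruleset but keeps the state table, so established connections survive a reload; that is also why toggling with `pfctl -d`/`pfctl -e` does nothing useful, since disabling and enabling does not re-read the file at all.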
Re: pf question
Richard C. Isaacson wrote:
> Dick Davies wrote:
>> On 12/01/06, Vasile Cristescu <[EMAIL PROTECTED]> wrote:
>>> does pf has something like " ipfw -d show " ?
>>
>> I don't know. What does 'ipfw -d show' do?
>
> Are you asking if you can print out rules?
>
> pfctl -sr -v

'-d' in ipfw includes the dynamic rules in the list output. The command the OP needs is:

pfctl -ss -vv

which prints the state table. Unlike ipfw(8), it's not in the same format as the rule list, but it tells you what you need to know.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: pf question
Are you asking if you can print out rules?

pfctl -sr -v

Dick Davies wrote:
> On 12/01/06, Vasile Cristescu <[EMAIL PROTECTED]> wrote:
>> does pf has something like " ipfw -d show " ?
>
> I don't know. What does 'ipfw -d show' do?
>
> --
> Rasputin :: Jack of All Trades - Master of Nuns
> http://number9.hellooperator.net/
Re: pf question
On 12/01/06, Vasile Cristescu <[EMAIL PROTECTED]> wrote:
> does pf has something like " ipfw -d show " ?

I don't know. What does 'ipfw -d show' do?

--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/
Re: pf question
On 2005-03-08 06:49, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> First my ifconfig -A:
>
> # ifconfig -A
> bge0: flags=8843 mtu 1500
>         address:
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.82.1 netmask 0xffffff00 broadcast 192.168.82.255
>         inet 192.168.82.2 netmask 0xffffffff broadcast 192.168.82.2
>
> I use a rule in the firewall such as this:
> # macros
> int_if = "bge0"
>
> pass in on $int_if from $int_if:network to any modulate state
> pass out on $int_if from any to $int_if:network modulate state
>
> This expands to:
> pass in on bge0 inet from 192.168.82.0/24 to any modulate state
> pass in on bge0 inet from 192.168.82.2 to any modulate state
> pass out on bge0 inet from any to 192.168.82.0/24 modulate state
> pass out on bge0 inet from any to 192.168.82.2 modulate state
>
> Why does it pick the alias IP on the nic and not the actual IP?
> Is this intended by design?

Because the first IP address has a netmask with zero bits, and pf is smart enough to recognize this as part of a subnet/network (this is, after all, the meaning of the :network modifier). The alias IP has a netmask of 0xffffffff, which may match only that alias address.
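The expansion the reply describes can be reproduced by hand: pf takes each address on the interface, ANDs it with that address's netmask, and writes the result with the mask's prefix length. The added example below (not from the thread, and not pf's own code) does exactly that arithmetic in plain sh so you can see why a /24 mask yields the subnet while the alias's all-ones mask yields a single host; the hex masks are the form ifconfig prints, and the two sample addresses are the ones from the posting.

```shell
#!/bin/sh
# What pf substitutes for ":network" on an interface address: the address
# ANDed with its netmask, written with the mask's prefix length.
# Added example; pf_network is a hypothetical helper, not a pfctl feature.

# dotted quad -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# number of leading one bits in a mask (0xffffff00 -> 24, 0xffffffff -> 32)
mask_to_prefix() {
    m=$(( $1 ))
    n=0
    while [ "$n" -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do
        n=$(( n + 1 ))
    done
    echo "$n"
}

# pf_network ADDR HEXMASK -> the CIDR block pf's :network expands to
pf_network() {
    addr=$(ip_to_int "$1")
    mask=$(( $2 ))          # shell arithmetic accepts the 0x... form
    echo "$(int_to_ip $(( addr & mask )))/$(mask_to_prefix "$mask")"
}

pf_network 192.168.82.1 0xffffff00   # 192.168.82.0/24  (primary address)
pf_network 192.168.82.2 0xffffffff   # 192.168.82.2/32  (alias: one host)
```

A /32 is a single address, which pfctl prints without the prefix, so the alias shows up in the expanded rules as the bare 192.168.82.2 rather than as a second copy of the subnet. If the alias is meant to represent another network, give it a real netmask when you configure it; otherwise `:network` will only ever contribute that one host.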