-P Enjoy.
On Nov 30, 2012, at 2:30 PM, Laszlo Danielisz <[email protected]> wrote:

> Good idea, let me check.
> One more thing, while pfctl -vnf /etc/pf.conf how can I list the port numbers
> instead of the protocol?
>
> ex:
> pass in on em0 inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port = ftp flags S/SA keep state
>
> I want to see port = 21 instead of port = ftp
>
> --
> Laszlo Danielisz
>
> On 2012 November 30 Friday at 2:20 PM, Fleuriot Damien wrote:
>
>> It likely tries to apply rules on an interface that doesn't exist yet (for
>> example openvpn's tun).
>>
>> There's also the chance your rules contain a fully qualified domain name,
>> say example.com
>> PF tries to load its rules, DNS resolution is not up yet, FQDN fails to
>> resolve to anything meaningful, rules fail to load.
>>
>> Review your rules for any non-physical interfaces (tun, gif) and domain
>> names.
>>
>>
>> On Nov 30, 2012, at 2:17 PM, Laszlo Danielisz <[email protected]> wrote:
>>
>>> Thank you very much for your help!
>>>
>>> pf is loaded to the kernel:
>>> ktulu# kldstat|grep pf
>>> 38 1 0xc4b41000 3000 pflog.ko
>>> 39 1 0xc4b44000 35000 pf.ko
>>>
>>> and pfctl -vnf /etc/pf.conf did work, though I don't want to paste here the
>>> whole result :)
>>>
>>> Here is the output of grep
>>>
>>> ktulu# grep pf /etc/rc.conf
>>> #pf
>>> pf_enable="YES"
>>> pf_rules="/etc/pf.conf"
>>> pf_flags=""
>>> pflog_enable="YES"
>>> pflog_logfile="/var/log/pflog"
>>> pflog_flags=""
>>>
>>> I wonder why it doesn't start on boot time?
>>> --
>>> Laszlo Danielisz
>>>
>>> On 2012 November 30 Friday at 1:40 PM, Tiago Felipe wrote:
>>>
>>>> On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
>>>>> On Nov 30, 2012, at 1:20 PM, Tiago Felipe<[email protected]> wrote:
>>>>>
>>>>>> On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
>>>>>>> On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz<[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Everybody,
>>>>>>>>
>>>>>>>> Recently I've discovered the following issues: I can't display my
>>>>>>>> firewalls rules, and the firewall is enabled.
>>>>>>>> Take a look what is happening:
>>>>>>>>
>>>>>>>> ktulu# pfctl -s rules
>>>>>>>> No ALTQ support in kernel
>>>>>>>> ALTQ related functions disabled
>>>>>>>> ktulu# pfctl -e
>>>>>>>> No ALTQ support in kernel
>>>>>>>> ALTQ related functions disabled
>>>>>>>> pfctl: pf already enabled
>>>>>>>>
>>>>>>>> ktulu# uname -a
>>>>>>>> FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC i386
>>>>>>>>
>>>>>>>> Do you have any idea why I can not see them?
>>>>>>>>
>>>>>>>> Thx!
>>>>>>>> Laszlo
>>>>>>>
>>>>>>> Actually, I believe you can see your rules, all the 0 of them.
>>>>>>>
>>>>>>> Try pfctl -nf /etc/pf.conf
>>>>>>>
>>>>>>> See if you have an error when loading the rules, that would explain it
>>>>>>> all.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> [email protected] mailing list
>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>>>>>> To unsubscribe, send any mail to "[email protected]"
>>>>>>
>>>>>> # pfctl -s all
>>>>>>
>>>>>> the device is loaded?
>>>>>>
>>>>>> # kldload pf.ko
>>>>>>
>>>>>> or recompile the kernel
>>>>>>
>>>>>> device pf
>>>>>> device pflog
>>>>>> device pfsync
>>>>>>
>>>>>> after that reload the rules with # pfctl -nf /etc/pf.conf and see if
>>>>>> change something.
>>>>>>
>>>>>> sorry, my english sux.
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Tiago Felipe Gonçalves.
>>>>>> IT Infrastructure Manager.
>>>>>
>>>>> His pfctl -si shows pf is enabled so either the module loaded fine, or he
>>>>> has device pf in his kernel config.
>>>>>
>>>>> I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf
>>>>> /etc/pf.conf ;)
>>>>>
>>>>> Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules,
>>>>> the -n flag makes it only parse the rules and show errors.
>>>>
>>>> sorry for my failure with -n flag, i've seen mistakes on small
>>>> things, not cost check =]
>>>> but -nf will show errors, rc.conf will be useful and pfctl -s all, give
>>>> us a lot of info about.
>>>>
>>>> --
>>>> Regards,
>>>> Tiago.
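
The two boot-time causes named in the thread (rules bound to an interface that does not exist yet, and FQDNs that need DNS) can be screened for before a reboot. The script below is an added example, not code from any poster in the thread; the function names, the `LATE_IFACES` variable and the sample ruleset are constructed for illustration, and the check is a heuristic over `on`, `from` and `to` tokens only.

```sh
#!/bin/sh
# Added example, not from the thread: flag pf.conf tokens that can stop
# the ruleset loading at boot (late interfaces, names needing DNS).
# Heuristic only: macros are not expanded and quoting is not parsed.

# Interface prefixes assumed to appear late; tun and gif are from the thread.
LATE_IFACES="${LATE_IFACES:-tun gif}"

# Constructed sample ruleset (the first rule is the one quoted in the thread).
sample_pf_conf() {
    cat <<'EOF'
pass in on em0 inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port = ftp
pass in on tun0 inet proto udp from any to any   # interface created by openvpn
block in quick on em0 from { 10.0.0.5, example.com } to any
pass out on em0 inet6 from fe80::1 to <trusted>
EOF
}

# lint_pf_conf FILE: prints "line N: kind: token"; exit status 1 if any finding.
lint_pf_conf() {
    awk -v late="$LATE_IFACES" '
    BEGIN { n = split(late, pre, " ") }
    {
        sub(/#.*/, "")               # strip comments
        gsub(/[{},()!]/, " ")        # flatten lists, (if) syntax, negation
        mode = ""
        for (i = 1; i <= NF; i++) {
            t = $i
            if (t == "on") { mode = "if"; continue }
            if (t == "from" || t == "to") { mode = "addr"; continue }
            if (t ~ /^(inet|inet6|proto|port|flags|keep|all)$/) { mode = ""; continue }
            if (mode == "if") {
                for (k = 1; k <= n; k++)
                    if (t ~ ("^" pre[k] "[0-9]*$")) {
                        printf "line %d: late interface: %s\n", NR, t; bad = 1
                    }
            } else if (mode == "addr" && t ~ /^[A-Za-z0-9.-]+$/ &&
                       t ~ /\./ && t ~ /[A-Za-z]/) {
                # Dot plus letter and no ":" "/" "$" "<": a hostname, not an IP.
                printf "line %d: hostname needs DNS: %s\n", NR, t; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Usage: sh pflint.sh /etc/pf.conf
if [ $# -gt 0 ]; then lint_pf_conf "$1"; fi
```

A clean result here does not replace `pfctl -nf /etc/pf.conf`, which remains the authoritative syntax check; this only points at rules that parse fine on a running system yet depend on state that may be missing early in boot.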
