--- Comment #26 from Anatoly <> ---
I see no problem with the rules, but they refer to two address tables that
are used as "blacklists": snort2c and webConfiguratorlockout. Can you show me
the content of those tables (with ue0 as lan):
#pfctl -t snort2c -T show
#pfctl -t webConfiguratorlockout -T show
And your nat/redirect rules also:
#pfctl -s nat

The other situation I can think of is if ue0 disappears from the system (for
some USB-related reasons) after the pf rules were loaded. And when it comes back,
pf may have trouble handling it (although it must). Can you check the output of
#dmesg or /var/log/messages to see if any USB disconnects of ue0 occur?
Anyway, in such situations clearing the firewall state and reloading the rules
again may help. You may try:
Just to be sure:
#pfctl -d
#pfctl -e
Clear pf state tables:
#pfctl -F state
Clear pf address tables (your blacklists etc.):
#pfctl -F Tables
Now you need a pf config (rules) file to reload. The simplest is to dump the existing
#pfctl -s rules > aa
(it's like the previously created 'a', but without anchor information. You may
also use 'a', but you need to remove all "anchor "*" all { }" by hand.) Check
that the file isn't empty. This file will not contain nat/redirects, but enough for
Or, in FreeBSD the default location for the pf config that is applied at boot is
/etc/pf.conf. You may examine that file to see if it contains similar rules and
has the right modification date.
Clear everything:
#pfctl -F all
Load rules back:
#pfctl -f aa
See that no errors occur. Test.

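A guarded form of the dump / flush / reload sequence from the comment above, as an added example that is not part of the original comment or of any project's code. The function name `safe_pf_reload` and the `PFCTL` override variable are assumptions of this example; the pfctl flags are the ones used in the comment plus `-n` (parse only, do not load).

```sh
#!/bin/sh
# Added example: refuse to flush pf unless the dumped ruleset is usable.
# PFCTL is a hypothetical override so the binary can be swapped out.
PFCTL="${PFCTL:-pfctl}"

# safe_pf_reload FILE
# Return codes: 0 reloaded, 1 dump failed or empty, 2 dump does not parse,
#               3 flush failed, 4 load failed.
safe_pf_reload() {
    dump="$1"

    # Dump the loaded filter rules (this output has no nat/redirect rules).
    $PFCTL -s rules > "$dump" 2>/dev/null || return 1

    # With pf enabled and no rules loaded, packets are passed by default,
    # so never flush when there is nothing to load back.
    [ -s "$dump" ] || return 1

    # -n parses the file without loading it; stop before the flush on error.
    $PFCTL -n -f "$dump" 2>/dev/null || return 2

    # Only now clear everything and load the rules back.
    $PFCTL -F all >/dev/null 2>&1 || return 3
    $PFCTL -f "$dump" || return 4
    return 0
}
```

Run it as root on the firewall, for example `safe_pf_reload aa`, and re-add nat/redirect rules separately since the dump does not carry them.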