RE: pf question
pfctl -f /etc/pf.conf    # loads the pf.conf file
pfctl -Nf /etc/pf.conf   # Load only the NAT rules from the file
pfctl -Rf /etc/pf.conf   # Load only the filter rules from the file

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Bennett
Sent: Tuesday, September 09, 2008 1:18 PM
To: freebsd-questions@freebsd.org
Subject: pf question

I'm just starting to play around with pf to get it to handle NAT for a LAN, and I've just discovered that I don't know how to get pf to reload /etc/pf.conf after I make changes to it. pfctl -d -e doesn't do it, and neither does pfctl -d; pfctl -e. Is there a way to do it besides rebooting?

Please copy me in directly on any replies. I'm subscribed to the digest form of this list, so I get all the messages at once, usually once a day, so I'll see the responses much sooner if they come to me directly as well as to the list.

Thanks much!

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army." -- Gov. John Hancock, New York Journal, 28 January 1790

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf question
On Tue, Sep 9, 2008 at 8:17 AM, Scott Bennett [EMAIL PROTECTED] wrote:
> I'm just starting to play around with pf to get it to handle NAT for a LAN, and I've just discovered that I don't know how to get pf to reload /etc/pf.conf after I make changes to it. pfctl -d -e doesn't do it, and neither does pfctl -d; pfctl -e. Is there a way to do it besides rebooting?

pfctl -f /etc/pf.conf

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

--
regards,
Artis Caune
CCNA
didii FreeBSD
Re: pf question
On Tue, 9 Sep 2008 00:17:39 -0500 (CDT) Scott Bennett [EMAIL PROTECTED] wrote:
> I'm just starting to play around with pf to get it to handle NAT for a LAN, and I've just discovered that I don't know how to get pf to reload /etc/pf.conf after I make changes to it. pfctl -d -e doesn't do it, and neither does pfctl -d; pfctl -e. Is there a way to do it besides rebooting?

/etc/rc.d/pf reload

--
Bruce Cran
Re: pf question
On 12/01/06, Vasile Cristescu [EMAIL PROTECTED] wrote:
> does pf have something like ipfw -d show?

I don't know. What does 'ipfw -d show' do?

--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/
Re: pf question
Are you asking if you can print out rules?

pfctl -sr -v

Dick Davies wrote:
> On 12/01/06, Vasile Cristescu [EMAIL PROTECTED] wrote:
>> does pf have something like ipfw -d show?
>
> I don't know. What does 'ipfw -d show' do?
>
> --
> Rasputin :: Jack of All Trades - Master of Nuns
> http://number9.hellooperator.net/
Re: pf question
Richard C. Isaacson wrote:
> Dick Davies wrote:
>> On 12/01/06, Vasile Cristescu [EMAIL PROTECTED] wrote:
>>> does pf have something like ipfw -d show?
>>
>> I don't know. What does 'ipfw -d show' do?
>
> Are you asking if you can print out rules?
>
> pfctl -sr -v

'-d' in ipfw includes the dynamic rules in the list output. The command the OP needs is:

pfctl -ss -vv

which prints the state table. Unlike ipfw(8), it's not in the same format as the rule list, but it tells you what you need to know.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: pf question
On 2005-03-08 06:49, J.D. Bronson [EMAIL PROTECTED] wrote:
> First my ifconfig -A:
>
> # ifconfig -A
> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address:
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.82.1 netmask 0xff00 broadcast 192.168.82.255
>         inet 192.168.82.2 netmask 0x broadcast 192.168.82.2
>
> I use a rule in the firewall such as this:
>
> # macros
> int_if = bge0
>
> pass in on $int_if from $int_if:network to any modulate state
> pass out on $int_if from any to $int_if:network modulate state
>
> This expands to:
>
> pass in on bge0 inet from 192.168.82.0/24 to any modulate state
> pass in on bge0 inet from 192.168.82.2 to any modulate state
> pass out on bge0 inet from any to 192.168.82.0/24 modulate state
> pass out on bge0 inet from any to 192.168.82.2 modulate state
>
> Why does it pick the alias IP on the nic and not the actual IP? Is this intended by design?

Because the first IP address has a netmask with zero bits, and pf is smart enough to recognize this as part of a subnet/network (this is, after all, the meaning of the :network modifier). The alias IP has a netmask of 0x, which may match only that alias address.
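As an added illustration (not part of the thread, and not pf's own code), the Python below emulates the :network expansion the reply explains: it parses the inet lines of a constructed ifconfig(8) transcript modelled on bge0 (assuming the full netmasks 0xffffff00 and 0xffffffff, which the archived post lost), derives the network each address resolves to, and shows why the /32 alias comes out as a bare host address that is already covered by the /24. The function names are my own.

```python
import ipaddress
import re

# Constructed ifconfig(8) output modelled on the thread's bge0: a /24 address
# plus a /32 alias (full netmasks assumed; the archived post lost the hex digits).
IFCONFIG_OUTPUT = """\
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.82.1 netmask 0xffffff00 broadcast 192.168.82.255
        inet 192.168.82.2 netmask 0xffffffff broadcast 192.168.82.2
"""

INET_RE = re.compile(r"^\s*inet (\S+) netmask (0x[0-9a-fA-F]{8})", re.MULTILINE)


def interface_networks(ifconfig_text):
    """One IPv4Network per inet line: the address ANDed with its netmask,
    which is what the :network modifier resolves to for that address."""
    nets = []
    for addr, mask_hex in INET_RE.findall(ifconfig_text):
        mask = str(ipaddress.IPv4Address(int(mask_hex, 16)))
        # strict=False clears the host bits: 192.168.82.1/0xffffff00 -> 192.168.82.0/24
        nets.append(ipaddress.IPv4Network((addr, mask), strict=False))
    return nets


def expand_network_rules(ifname, ifconfig_text):
    """Emulate how 'pass in on $int_if from $int_if:network to any modulate state'
    is expanded: one rule per address, with a /32 printed as a bare host."""
    rules = []
    for net in interface_networks(ifconfig_text):
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        rules.append(f"pass in on {ifname} inet from {target} to any modulate state")
    return rules


def subsumed_networks(ifconfig_text):
    """Networks already covered by a broader one on the same interface, i.e.
    expanded rules that add nothing (here the /32 alias lies inside the /24)."""
    nets = interface_networks(ifconfig_text)
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]


if __name__ == "__main__":
    for rule in expand_network_rules("bge0", IFCONFIG_OUTPUT):
        print(rule)
    print("redundant:", [str(n) for n in subsumed_networks(IFCONFIG_OUTPUT)])
```

Running it against real output (`ifconfig bge0 | python3 -c 'import sys; ...'`) is left to the reader; the point is that a /32 alias always expands to its own host rule, so check whether a broader rule on the same interface already covers it.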