Re: Can't get pf to work
On Fri, 05 Oct 2007 17:05:57 +0200 Peo Nilsson [EMAIL PROTECTED] wrote:

> Dear list.
>
> I'm trying to configure pf on FreeBSD 6.2-release with no success.
> Is there anyone that has time and can give me a clue for what
> I'm doing wrong?

If you do:

/etc/rc.d/pf restart

do you see any errors?

Is nve0 your correct interface? E.g. for PPPoE it would be tun0 rather than the card interface itself.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Can't get pf to work
Dear list.

I'm trying to configure pf on FreeBSD 6.2-release with no success.
Is there anyone that has time and can give me a clue for what
I'm doing wrong?

This is what I have done:

1) /etc/rc.conf:

pf_enable=YES                   # Enable PF (load module if required)
pf_rules=/etc/pf.conf           # rules definition file for pf
pf_flags=                       # additional flags for pfctl startup
pflog_enable=YES                # start pflogd(8)
pflog_logfile=/var/log/pflog    # where pflogd should store the logfile
pflog_flags=                    # additional flags for pflogd startup

2) /etc/pf.conf:

-- ...snap
# 1. Macros
lo = lo0      # loopback device
ext = nve0    # networkcard

# 2. Tables

# 3. Options
set block-policy drop
set optimization aggresive
set loginterface $ext

# 4. Packet normalization
scrub in on $ext all

# 5. Queueing.

# 6. Translation.

# 7. Filtering.
pass quick on $lo all           # Don't block loopback traffic
antispoof for { $lo, $ext }     # Antispoof
block in on $ext all            # Block all incoming as default
block out on $ext all           # Block all outgoing as default

# Eof
...snap -

3) kldstat says:

 7    1 0xc4b1c000 3000     pflog.ko
 8    1 0xc4b26000 2d000    pf.ko

As far as I get it, I shouldn't be able to enter the internet
as it is, but nothing is blocked and I can check my mail and so.

What have I missed?

--
/Peo

Re: Can't get pf to work
On Fri, 2007-10-05 at 16:17 +0100, RW wrote:

> If you do:
>
> /etc/rc.d/pf restart
>
> do you see any errors?

There was a syntax error in pf.conf.
aggresive should be: aggressive.

Guess I'm tired...:-)
I really thank you for saving me time!

--
/Peo

Re: Can't get pf to work
On Friday 05 October 2007 17:42:10 Peo Nilsson wrote:

> On Fri, 2007-10-05 at 16:17 +0100, RW wrote:
>
> > If you do:
> >
> > /etc/rc.d/pf restart
> >
> > do you see any errors?
>
> There was a syntax error in pf.conf.
> aggresive should be: aggressive.
>
> Guess I'm tired...:-)
> I really thank you for saving me time!

alias pfcheck='/etc/rc.d/pf check'

is your friend. As is:

alias pflog='tcpdump -i pflog0 -ttt -v'

--
Mel
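
Added example, not part of the thread or written by any of its posters: the failure above is fail-open (one misspelled option and no ruleset is loaded, so nothing is blocked), and this sh sketch parses the file with pfctl -n before loading it and then confirms that an enabled ruleset with a block rule is really in place. The function names and the PFCTL and PF_CONF variables are hypothetical, and the greps assume that "pfctl -s info" prints a "Status: Enabled" line and that "pfctl -s rules" prints one rule per line.

```sh
#!/bin/sh
# Added example (not from the thread). PFCTL and PF_CONF are hypothetical
# override points; the defaults match the setup described in the thread.
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Parse the ruleset without loading it (-n). A misspelled option such as
# "set optimization aggresive" makes this return non-zero.
pf_check() {
    $PFCTL -n -f "$1"
}

# Confirm the running state: pf enabled, rules present, at least one block
# rule. Assumes "Status: Enabled" in -s info and one rule per line in -s rules.
pf_verify() {
    $PFCTL -s info 2>/dev/null | grep -q '^Status: Enabled' ||
        { echo "pf is not enabled" >&2; return 2; }
    rules=$($PFCTL -s rules 2>/dev/null)
    [ -n "$rules" ] ||
        { echo "pf is enabled but no rules are loaded: all traffic passes" >&2; return 3; }
    printf '%s\n' "$rules" | grep -q '^block ' ||
        { echo "ruleset has no block rule" >&2; return 4; }
}

# Load the file only if it parses, then verify what is actually loaded.
pf_safe_reload() {
    pf_check "$1" ||
        { echo "syntax error in $1; ruleset NOT loaded" >&2; return 1; }
    $PFCTL -f "$1" || return 1
    pf_verify
}

# Stand-alone use (as root): sh thisfile reload
case "${1:-}" in
    reload) pf_safe_reload "$PF_CONF" ;;
esac
```
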