Thank you!
On 2012 November 30 Friday at 2:33 PM, Fleuriot Damien wrote:
> -P
>
> Enjoy.
>
>
> On Nov 30, 2012, at 2:30 PM, Laszlo Danielisz <laszlo_daniel...@yahoo.com> wrote:
> > Good idea, let me check.
> > One more thing, while pfctl -vnf /etc/pf.conf how can I list the port numbers instead of the protocol?
> >
> > ex:
> > pass in on em0 inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port = ftp flags S/SA keep state
> >
> > I want to see port = 21 instead of port = ftp
> >
> > --
> > Laszlo Danielisz
> >
> >
> > On 2012 November 30 Friday at 2:20 PM, Fleuriot Damien wrote:
> >
> > > It likely tries to apply rules on an interface that doesn't exist yet (for example openvpn's tun).
> > >
> > > There's also the chance your rules contain a fully qualified domain name, say example.com
> > > PF tries to load its rules, DNS resolution is not up yet, FQDN fails to resolve to anything meaningful, rules fail to load.
> > >
> > > Review your rules for any non-physical interfaces (tun, gif) and domain names.
> > >
> > >
> > > On Nov 30, 2012, at 2:17 PM, Laszlo Danielisz <laszlo_daniel...@yahoo.com> wrote:
> > > > Thank you very much for your help!
> > > >
> > > > pf is loaded to the kernel:
> > > > ktulu# kldstat|grep pf
> > > > 38 1 0xc4b41000 3000 pflog.ko
> > > > 39 1 0xc4b44000 35000 pf.ko
> > > >
> > > >
> > > > and pfctl -vnf /etc/pf.conf did work, though I don't want to paste here the whole result :)
> > > >
> > > > Here is the output of grep
> > > >
> > > > ktulu# grep pf /etc/rc.conf
> > > > #pf
> > > > pf_enable="YES"
> > > > pf_rules="/etc/pf.conf"
> > > > pf_flags=""
> > > > pflog_enable="YES"
> > > > pflog_logfile="/var/log/pflog"
> > > > pflog_flags=""
> > > >
> > > >
> > > > I wonder why it doesn't start on boot time?
> > > > --
> > > > Laszlo Danielisz
> > > >
> > > >
> > > > On 2012 November 30 Friday at 1:40 PM, Tiago Felipe wrote:
> > > >
> > > > > On 11/30/2012 10:23 AM, Fleuriot Damien wrote:
> > > > > > On Nov 30, 2012, at 1:20 PM, Tiago Felipe <tfgoncal...@yahoo.com.br> wrote:
> > > > > >
> > > > > > > On 11/30/2012 09:02 AM, Fleuriot Damien wrote:
> > > > > > > > On Nov 30, 2012, at 12:00 PM, Laszlo Danielisz <laszlo_daniel...@yahoo.com> wrote:
> > > > > > > >
> > > > > > > > > Hi Everybody,
> > > > > > > > >
> > > > > > > > > Recently I've discovered the following issues: I can't display my firewall's rules, and the firewall is enabled.
> > > > > > > > > Take a look what is happening:
> > > > > > > > >
> > > > > > > > > ktulu# pfctl -s rules
> > > > > > > > > No ALTQ support in kernel
> > > > > > > > > ALTQ related functions disabled
> > > > > > > > > ktulu# pfctl -e
> > > > > > > > > No ALTQ support in kernel
> > > > > > > > > ALTQ related functions disabled
> > > > > > > > > pfctl: pf already enabled
> > > > > > > > >
> > > > > > > > > ktulu# uname -a
> > > > > > > > > FreeBSD ktulu.danielisz.eu 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Do you have any idea why I can not see them?
> > > > > > > > >
> > > > > > > > > Thx!
> > > > > > > > > Laszlo
> > > > > > > > >
> > > > > > > >
> > > > > > > > Actually, I believe you can see your rules, all the 0 of them.
> > > > > > > >
> > > > > > > > Try pfctl -nf /etc/pf.conf
> > > > > > > >
> > > > > > > > See if you have an error when loading the rules, that would explain it all.
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > freebsd-pf@freebsd.org mailing list
> > > > > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > > > > > > > To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
> > > > > > > >
> > > > > > >
> > > > > > > # pfctl -s all
> > > > > > >
> > > > > > > the device is loaded?
> > > > > > >
> > > > > > > # kldload pf.ko
> > > > > > >
> > > > > > > or recompile the kernel
> > > > > > >
> > > > > > > device pf
> > > > > > > device pflog
> > > > > > > device pfsync
> > > > > > >
> > > > > > > after that reload the rules with # pfctl -nf /etc/pf.conf and see if change something.
> > > > > > >
> > > > > > > sorry, my english sux.
> > > > > > >
> > > > > > > --
> > > > > > > Att,
> > > > > > > Tiago Felipe Gonçalves.
> > > > > > > Gerente de Infraestrutura de TI.
> > > > > > > +55 19 99196494
> > > > > > >
> > > > > >
> > > > > > His pfctl -si shows pf is enabled so either the module loaded fine, or he has device pf in his kernel config.
> > > > > >
> > > > > > I'm waiting for both his snip from /etc/rc.conf and pfctl -vnf /etc/pf.conf ;)
> > > > > >
> > > > > > Also note that pfctl -nf /etc/pf.conf doesn't actually load the rules, the -n flag makes it only parse the rules and show errors.
> > > > > sorry for my failure with -n flag, i've seen mistakes on small things, not cost check =]
> > > > > but -nf will show errors, rc.conf will be useful and pfctl -s all, give us a lot of info about.
> > > > >
> > > > > --
> > > > > Att,
> > > > > Tiago.
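
The two boot-time failure causes named in the thread (rules that reference a non-physical interface such as tun or gif, and rules that contain a domain name) can be looked for mechanically before a reboot. The sh sketch below is an added example, not part of the original messages; the function names, the constructed sample ruleset and the hostname pattern are assumptions.

```sh
#!/bin/sh
# Added example: flag pf.conf tokens that can make rules fail to load at boot.

# Constructed sample ruleset (not from the thread).
sample_pf_conf() {
    cat <<'EOF'
ext_if = "em0"
vpn_if = "tun0"
pass in on $ext_if inet proto tcp from 192.168.1.0/24 to 192.168.1.2 port 21
pass in on $vpn_if from any to any   # interface created later by openvpn
pass out on $ext_if proto tcp to example.com port 443
EOF
}

# Print "LINE: kind token" for every tun/gif interface or hostname found.
# Reads the file named in $1, or stdin when no argument is given.
pf_boot_risks() {
    awk '
    {
        sub(/#.*/, "")                               # ignore comments
        n = split($0, tok, /[ \t{},()"=<>!]+/)       # pf.conf punctuation
        for (i = 1; i <= n; i++) {
            t = tok[i]
            sub(/:.*/, "", t)                        # drop :network, :0 ...
            if (t ~ /^(tun|gif)[0-9]+$/)
                print NR ": interface " t
            else if (t ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z][A-Za-z]+$/)
                print NR ": hostname " t
        }
    }' "${1:--}"
}

sample_pf_conf | pf_boot_risks
```

On a real host the same function can be pointed at the ruleset with `pf_boot_risks /etc/pf.conf`; a hit is a line to review, not proof that loading will fail.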