PF rules not loading
Henrik Hudson
lists at rhavenn.net
Fri Sep 4 20:34:47 UTC 2009
On Fri, 04 Sep 2009, Collin Kreklow wrote:
> On Fri, Sep 04, 2009 at 08:59:30AM -0800, Henrik Hudson wrote:
> > Hey List,
> >
> > I just finished supping to 8-BETA3 and after a reboot I noticed
> > that my PF rules weren't loading and hence NAT wasn't working for
> > internal clients, not to mention no firewall :)
> >
> > This might not be specific to BETA3, but it's the first time I
> > noticed it concretely. I did have a power outage last week where
> > after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working
> > again. This was under BETA2.
>
> At the time when the pf script runs during boot, all the network
> interfaces may not be fully configured. It is likely that your pf.conf
> includes rules that pf can't calculate because one or more network
> interfaces are not yet configured. I had to change my pf.conf to
> hard-code the IP ranges instead of using :network to get my rules to
> load on boot. Also make sure your script is using (xl0) where
> appropriate.

It's possible. However, I'm pretty sure the ruleset worked correctly
on the initial install and it's a ruleset I've used on plenty of
different gateway servers with a similar hardware setup.

However, I did just finish building another 8-BETA3 x64 box and it
works fine, so maybe something fluky is going on with the server
crash due to the power outage.

I will investigate further. Thanks.

Henrik
--
Henrik Hudson
lists at rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF
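
The two pf.conf points raised in the quoted reply (:network resolved before the interface has an address, and the parenthesised (xl0) form), as an added example that is not part of the thread: a small lint that flags rules pf has to resolve once at load time. The sample ruleset is constructed; xl1, 192.168.1.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag pf.conf rules whose addresses are resolved once, when
# the ruleset is loaded. If the interface has no address yet at boot, such
# rules can fail to load; the (iface) form is tracked by pf at run time.

# Constructed sample ruleset. xl0 is from the thread; xl1 and the
# 192.168.1.0/24 range are assumptions for illustration.
sample_pf_conf() {
cat <<'EOF'
ext_if = "xl0"
int_if = "xl1"
# fragile: both addresses are looked up when pfctl loads the file
nat on $ext_if from $int_if:network to any -> $ext_if
# robust: hard-coded range, translation address tracked dynamically
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
pass in on $int_if from ($int_if:network) to any keep state
EOF
}

# Reads a ruleset from stdin or from the files given as arguments and
# prints "lineno: reason" for each finding.
pf_boot_lint() {
    awk '
    /^[ \t]*#/ { next }                              # comment lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # macro definitions
    {
        line = $0
        sub(/#.*/, "", line)          # drop trailing comments
        gsub(/\([^)]*\)/, "", line)   # drop parenthesised (dynamic) forms
        if (line ~ /:(network|broadcast|peer)/)
            print NR ": interface modifier outside parentheses"
        # A name or macro after "->" may be an interface; a literal IP is not flagged.
        if (line ~ /->[ \t]*\$?[A-Za-z]/)
            print NR ": translation target outside parentheses"
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_pf_conf | pf_boot_lint
```

To check a real ruleset, run `pf_boot_lint /etc/pf.conf`, then `pfctl -nf /etc/pf.conf` to confirm it still parses without loading it.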
More information about the freebsd-current
mailing list