PF error message looping on screen. System Locked.

Roger Miranda rmiranda at digitalrelay.ca
Thu Jun 14 13:50:25 UTC 2007 

We are having a bit of a problem with Freebsd and PF.  We have transfered 
150GB (+/-), yesterday over a Freebsd 6.2 machine with IF_Bridge (acting as a 
transparent proxy)

The issue is 5-8 hours after the boot up of the machine we get PF loop (Fast, 
continuous loop, so we can not read the message) on the screen.  The machine 
is completly un responsive.  But I noticed the that Num Lock (only the num 
lock button) button is still responsive.

Thanks in advance for any help.  I am still new at freebsd and pf, switching 
over from Linux.

Here is a copy of my pf.conf and output of ifconfig.

----pf.conf----
int_if="em1"
ext_if="em0"
net="XXX.XXX.0.XX/16"
wac_ip="XXX.XXX.0.XX"
set optimization conservative

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in log on $int_if route-to lo0 inet proto tcp from any to any port 3128 
keep state

pass in log quick on $int_if proto tcp from any to any port 80 keep state
pass in log quick on $int_if proto tcp from any to any port 443 keep state

pass in log quick on $int_if proto tcp from any to $wac_ip port 8080 keep 
state

pass in log quick proto icmp from any to any keep state

block in log quick on $int_if proto tcp from any to any port 1863

pass in log quick proto udp from any to any port 67:68 keep state

pass in log quick proto udp from any to any port 53 keep state

pass log quick proto tcp from any to any port 22 keep state 


----Output: ifconfig-----
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=48<VLAN_MTU,POLLING>
	ether 00:30:48:86:97:62
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=48<VLAN_MTU,POLLING>
	inet XXX.XXX.0.XX netmask 0xffffff00 broadcast XXX.XXX.0.XXX
	ether 00:30:48:86:97:63
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
pfsync0: flags=0<> mtu 2020
	syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=0<> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000 
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 36:3e:f7:b9:a3:4d
	priority 32768 hellotime 2 fwddelay 15 maxage 20
	member: em1 flags=3<LEARNING,DISCOVER>
	member: em0 flags=3<LEARNING,DISCOVER>

More information about the freebsd-pf mailing list