On 12/23/-58 20:59, Bruce Cran wrote:
> I recently upgraded my i386 router from 7.0
> to 7.1-PRERELEASE. I rebooted it today but despite pf_enable="YES"
> being in /etc/rc.conf no rules got loaded during boot, despite pf itself
> having been enabled:
>
> router# pfctl -s rules
> router# pfctl -e -f /etc/pf.conf
> pfctl: pf already enabled
> [connection is closed due to new rules being loaded]
> router# pfctl -s rules
> scrub in all fragment reassemble
> [... lots of rules listed]
>
> Has anyone else seen this problem, or have I just missed something
> that's changed between 7.0 and 7.1 in the way pf works?
>


Hi Bruce,

> # pfctl -sr | wc -l
> 81
> # grep pf /etc/rc.conf
> pf_enable="YES"
> pf_rules="/etc/Firewall/pf-ces.conf"
> pflog_enable="YES"


this is from a very recent 7-STABLE box:
> # uname -a
> FreeBSD cesar.sz.vwsoft.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #46: Tue Sep 30 23:33:36 CEST 2008 root@cesar.sz.vwsoft.com:/usr/obj/usr/src/sys/CESAR i386


Would you mind showing me your rules? What does ``pfctl -gnf
/path/to/your/rules'' give?

Volker
_______________________________________________
freebsd-stable@freebsd.org mailing list