Re: pf do not load on snapshot 20050106

[Nick Holland <nick_(_at_)_holland-consulting_(_dot_)_net>]

Per Engelbrecht wrote:
> Hi misc@
> 
> This sounds trivial, but I don't think it is.
> I've "upgraded" two production-servers (both i386 / one single cpu and 
> one MP) from 3.6-stable > GENERIC#255 (jan.06 2005 snapshot)
> 
> Now my pf.conf don't load on reboot or boot ?!
> 
> A manual 'pfctl -e' load the rules!

no it doesn't.  "pfctl -e" ENABLES PF.
"pfctl -f /etc/pf.conf" actually loads the rules.

> A 'pfctl -s rules' does not give/say anything ??

if you haven't loaded the rules (as shown above), true.

If you are manually starting PF, it requires two steps, enabling and
loading.  Either can be done without the other.  Enable with no rules,
default "pass all" takes effect.  Load rules without enabling, you get
to see if your rules load nicely, but no action takes place.

> Yes I've check net.inet.ip.forwarding=1 in /etc/sysctl.conf and pf=YES 
> in /etc/rc.conf.local and I have absolutly no warnings, errors or the 
> like, anywhere.

unfortunately, your statements below indicate to me you are looking in
the wrong places, so I'm not going to believe you yet.

> I've done this excersice a billion times before (another snap though) on 
> just as many boxes (almost) and without any problems.
> 'dmesg' and 'dmesg.boot' are both happy campers, but without any 
> mentioning of pf notwhatsoever.
> 
> Any ideas ?

Sounds like either a missunderstanding on your part or maybe an improper
 upgrade (i.e., didn't properly upgrade the /etc/ files).

If you really believe it isn't that, provide a much better report, and
watch for messages during boot (these are never logged in dmesg).

Nick.