
Re: pf do not load on snapshot 20050106



> Per Engelbrecht wrote:
>
>> Hi misc@
>>
>> This sounds trivial, but I don't think it is.
>> I've "upgraded" two production-servers (both i386 / one single cpu and one MP) from 3.6-stable > GENERIC#255 (jan.06 2005 snapshot)
>>
>> Now my pf.conf doesn't load on reboot or boot ?!
>>
>> A manual 'pfctl -e' loads the rules!
>
>
>
> no it doesn't. "pfctl -e" ENABLES PF.
> "pfctl -f /etc/pf.conf" actually loads the rules.



Hi Nick

Hmm, how can one say "yes I know and I did, but forgot to say" without sounding like a total jerk.
- sorry for not being diligent enough in my report and yes I've run 'pfctl -f /etc/pf.conf' as well!


$ sudo pfctl -e
$ sudo pfctl -f /etc/pf.conf
$ sudo pfctl -s rules
$

.. nothing happens. Really.

>
>
>> A 'pfctl -s rules' does not give/say anything ??
>
>
>
> if you haven't loaded the rules (as shown above), true.
>
> If you are manually starting PF, it requires two steps, enabling and
> loading.  Either can be done without the other.  Enable with no rules,
> default "pass all" takes effect.  Load rules without enabling, you get
> to see if your rules load nicely, but no action takes place.


Even without manual 'enable' and 'load', a reboot should still 'enable' and 'load' according to /etc/rc.conf.local and /etc/pf.conf (normal behavior) ... but it does not load anything.


>
>
>> Yes I've checked net.inet.ip.forwarding=1 in /etc/sysctl.conf and pf=YES in /etc/rc.conf.local and I have absolutely no warnings, errors or the like, anywhere.
>
>
>
> unfortunately, your statements below indicate to me you are looking in
> the wrong places, so I'm not going to believe you yet.
>
>
>> I've done this exercise a billion times before (another snap though) on just as many boxes (almost) and without any problems.
>> 'dmesg' and 'dmesg.boot' are both happy campers, but without any mention of pf whatsoever.
>>
>> Any ideas ?
>
>
>
> Sounds like either a misunderstanding on your part or maybe an improper
> upgrade (i.e., didn't properly upgrade the /etc/ files).



I'll choose the latter. The working pf.conf was saved as pf.conf.LIVE before upgrade and then renamed again after upgrade, back to pf.conf
(owner/rights are root:wheel 600)


>
> If you really believe it isn't that, provide a much better report, and
> watch for messages during boot (these are never logged in dmesg).


I know this is little to 'work' on (sorry) but the servers and I were at a different location when I first wrote and still are for that matter i.e. I can't provide rc.conf.local / pf.conf / 'pfctl -s all' or anything else. I took them down until solved to be on the safe side.


'pf enabled' normally shows up on boot.
On these two boxes it does not. This would normally tell me that pf=YES in rc.conf.local was not set, but it is!


Besides my *dough*_I_should_be_more_detailed_when_posting_this, then there's nothing on the system that indicates why.

I'll post rc.conf.local + pf.conf a.s.a.p
what else would you like to see ?

(thanks)

/per
per_(_at_)_xterm_(_dot_)_dk


> > Nick.
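
Added example, not part of the thread and not OpenBSD's own tooling: a small sh check that reports "enabled" and "rules loaded" separately, as the two-step explanation above describes, along with the effective pf= setting from the rc files. The function names, the state labels and the script name pfcheck.sh are hypothetical, and the sample `Status:` line is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. State names are hypothetical labels.

# pf_rc_value FILE...: effective pf= setting; a later file overrides an
# earlier one, the way rc.conf.local overrides rc.conf.
pf_rc_value() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*pf="\{0,1\}\([A-Za-z]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s\n' "$val"
}

# pf_state INFO RULES: INFO is the text of `pfctl -s info`, RULES the text of
# `pfctl -s rules`. Enabling and loading are reported independently.
pf_state() {
    status=$(printf '%s\n' "$1" | sed -n 's/^Status: \([A-Za-z]*\).*/\1/p' | head -n 1)
    nrules=$(printf '%s\n' "$2" | grep -c '[^[:space:]]' || true)
    case "$status:$nrules" in
        Enabled:0)  echo enabled-no-rules ;;    # nothing filtered: default "pass all"
        Enabled:*)  echo filtering ;;
        Disabled:0) echo off-empty ;;
        Disabled:*) echo loaded-not-enabled ;;  # rules parsed, no action taken
        *)          echo unknown ;;             # pfctl failed or not run as root
    esac
}

# Constructed sample: the situation in the post (enabled, empty ruleset).
pf_demo() {
    pf_state 'Status: Enabled for 0 days 00:01:02           Debug: Urgent' ''
}

# Live use on the firewall itself (needs root): sh pfcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "rc setting: $(pf_rc_value /etc/rc.conf /etc/rc.conf.local)"
    echo "pf.conf:    $(pfctl -nf /etc/pf.conf 2>&1 && echo parses-ok)"
    echo "state:      $(pf_state "$(pfctl -s info 2>/dev/null)" "$(pfctl -s rules 2>/dev/null)")"
fi
```

A result of enabled-no-rules on a production firewall means traffic is passing unfiltered, so it is worth alerting on rather than treating as a healthy state.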


