Hi All,
Just upgraded my home machine to 8.2-RELEASE via
freebsd-update remotely (spare time at work.) and on reboot my pf
ruleset isnt being loaded. running '/etc/rc.d/pf start' once its booted
does start it fine though. Any suggestions on debugging or shall i just
try a verbose boot and watch the console when I get home?
I still have
pf_enable="YES" # Set to YES to enable packet filter
(pf)
pflog_enable="YES" # Set to YES to enable packet filter
logging
in /etc/rc.conf
Regards,
Vince
My pf related lines in rc.conf look like the following: pf_enable="YES" pf_rules="/etc/pf.conf" pflog_enable="YES" pflog_logfile="/var/log/pflog" pflog_flags="" I do have a problem from time to time where the rules won't load, but that's usually because a DHCP interface has failed to come up and my rules aren't written exactly properly to allow for that. On Fri, Feb 25, 2011 at 12:11 PM, Vincent Hoffman <vince@unsane.co.uk> wrote:> Hi All, > ? ? ? ? ? ?Just upgraded my home machine to 8.2-RELEASE via > freebsd-update remotely (spare time at work.) and on reboot my pf > ruleset isnt being loaded. running '/etc/rc.d/pf start' once its booted > does start it fine though. Any suggestions on debugging or shall i just > try a verbose boot and watch the console when I get home? > I still have > > pf_enable="YES" ? ? ? ? ? ? ? ? ?# Set to YES to enable packet filter (pf) > pflog_enable="YES" ? ? ? ? ? ? ? # Set to YES to enable packet filter > logging > > in /etc/rc.conf > > > Regards, > Vince > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >-- Joshua Boyd JBipNet E-mail: boydjd@jbip.net http://www.jbip.net
> Hi All, > ? ? ? ? ? ?Just upgraded my home machine to 8.2-RELEASE via > freebsd-update remotely (spare time at work.) and on reboot my pf > ruleset isnt being loaded. running '/etc/rc.d/pf start' once its booted > does start it fine though. Any suggestions on debugging or shall i just > try a verbose boot and watch the console when I get home? > I still have > > pf_enable="YES" ? ? ? ? ? ? ? ? ?# Set to YES to enable packet filter (pf) > pflog_enable="YES" ? ? ? ? ? ? ? # Set to YES to enable packet filter > logging > > in /etc/rc.confIs your interface dynamic (e.g. using DHCP)? If so, you might try changing: ifconfig_<ifacename>="DHCP" to ifconfig_<ifacename>="SYNCDHCP" It's possible the network hasn't come up properly yet or there is no IP assigned. Failing that, you can set: rc_debug="YES" in rc.conf then watch at boot time if there are any odd messages when it attempts to start pf. Josh