DaemonForums  

#1   14th May 2008   cybersans
problem on pf @ freebsd 7.0

hello there. sorry if a similar question has been asked before in this forum.

my problem is, i installed FreeBSD 7.0 and after that compiled the kernel to enable pf (using the same method the FreeBSD handbook describes):

device pf
device pflog
device pfsync

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options ALTQ_NOPCC

and i put everything inside /etc/rc.conf

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

and guess what? pf is not loading at startup. i have to manually restart pf using /etc/rc.d/pf restart. it seems like rc.d/pf doesn't work although rc.conf sets pf_enable="YES"

is that a bug? i never had this kind of problem when using version 5.* or 6.*

plus, kldstat only shows:
Id Refs Address Size Name
1 7 0xc0400000 910b90 kernel
2 1 0xc0d11000 6a32c acpi.ko
3 1 0xc6c4f000 22000 linux.ko

after that, i tried to put:
pf_load="YES"
pflog_load="YES"
pfsync_load="YES"

inside /boot/loader.conf and that also doesn't work.

i already compiled the kernel with pf and put the appropriate lines inside /etc/rc.conf

and pf still does not load when FreeBSD 7.0 boots up.

thank you
#2   14th May 2008   crayoxide

To troubleshoot, try swapping back to the GENERIC kernel and see if PF loads. I know that ALTQ will not be in the kernel, but the goal here is to get PF loading upon startup.

Additionally, you do not need all those lines in rc.conf to get PF running. This is all that is needed:
Code:
pf_enable="YES"
pflog_enable="YES"
http://home.nuug.no/~peter/pf/en/simplestfreebsd.html
#3   14th May 2008   anomie

I think switching back to GENERIC to test is a good approach.

You might also look at dmesg -a | less and then search for 'pf' to see if it's trying to start at boot time (and failing).
__________________
Kill your t.v.
#4   15th May 2008   cybersans

hello guys.

hello there. i think this conversation can be closed now. when i look at the dmesg output:

Starting pflog.
May 14 16:09:53 pflogd[471]: [priv]: msg PRIV_OPEN_LOG received
Enabling pf.
no IP address found for securehost.xxx.xx
/etc/pf.conf:9:
could not parse host specification

pfctl:
Syntax error in config file: pf rules not loaded

securehost.xxx.xx cannot be resolved while booting because no DNS server was contacted. when i remove the hosts from pf.conf, pf is loaded when booting.

thank you for now

credit to anomie, who suggested looking at the dmesg output
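
The failure in post #4 happens because pfctl resolves host names at the moment it loads the ruleset, so the same pf.conf loads fine by hand once DNS is reachable. As an added example (not part of the thread and not FreeBSD's own tooling), this sh function lists the tokens in a pf.conf that look like DNS names; `find_dns_hosts`, `write_sample` and the sample ruleset are constructed for illustration, and the match is a heuristic.

```shell
#!/bin/sh
# Added example, not from the thread. Lists pf.conf tokens that look like DNS
# names, i.e. host specifications pfctl must resolve when it loads the rules.
# Heuristic: a dotted token whose last label starts with a letter.

find_dns_hosts() {
    awk '
    /^[ \t]*set[ \t]/ { next }               # options such as "set timeout tcp.first"
    {
        line = $0
        sub(/#.*/, "", line)                 # strip comments
        gsub(/[{}(),"!<>=]/, " ", line)      # split lists, macros, table names
        n = split(line, tok, " ")
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z][A-Za-z0-9-]*$/)
                print NR ":" tok[i]          # LINE:HOSTNAME
    }' "$1"
}

# Constructed sample ruleset; names and addresses are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
ext_if = "em0"
set timeout tcp.first 120
# admin.example.org used to live here
trusted = "{ securehost.example.org, 192.0.2.10 }"
table <mgmt> persist file "/etc/pf.mgmt"
block in all
pass out all keep state
pass in on $ext_if proto tcp from $trusted to port 22
pass in on $ext_if proto tcp from backup.example.net to 198.51.100.0/24 port 873
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_dns_hosts "$sample"
rm -f "$sample"
```

Run it against /etc/pf.conf before a reboot: any name it prints has to resolve at the moment pf starts, which in this thread happened before a DNS server could be contacted.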