| Summary: | /etc/rc.d/pf reload don't work | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Roman Sindarovskiy <rakis> |
| Component: | i386 | Assignee: | freebsd-i386 (Nobody) <i386> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||

State Changed From-To: open->closed

Please test what happens when you do a pfctl -vf /etc/pf.conf with that new rule etc. It should fail at that moment as well. In addition, if this still fails, please bring it up on the pf@freebsd.org mailing list, where people with pf clue are. I do not see this as a problem ticket item yet.

I use pf with the rules listed below:

```
ext_if = "em0"
int_if = "em1"

host_admin = "89.179.a1.b1"
host_main = "83.102.a2.b2"
host_alfa = "83.102.a2.b3"
host_test1 = "192.168.10.101" # jail1
host_test2 = "192.168.10.107" # jail2

tcp_port_main = "{ 40008 }"
tcp_port_alfa = "{ smtp, www, pop3, imap }"
tcp_port_beta = "{ www }"
tcp_port_delta = "{ ftp }"

nat pass on $ext_if from $host_test1 to any -> $host_main

block log all
pass in on lo0
pass in on em1
pass in on $ext_if inet proto { tcp, udp, icmp } from $host_admin keep state
pass in on $ext_if inet proto tcp to $host_main port $tcp_port_main keep state
pass in on $ext_if inet proto udp to $host_main port domain
pass in on $ext_if inet proto tcp to $host_alfa port $tcp_port_alfa keep state
pass out all keep state
```

Everything works without any errors. When I added an additional line

```
nat pass on $ext_if from $host_test2 to any -> $host_main
```

and then reloaded the pf rules

```
/etc/rc.d/pf reload
```

NAT in my jails stopped working.

Fix:

stop pf

```
/sbin/pfctl -d
/sbin/kldunload pflog
/sbin/kldunload pf
```

start pf

```
/sbin/kldload pf
/sbin/pfctl -e
/sbin/pfctl -f /etc/pf.conf
```

How-To-Repeat: add rule, reload pf