Bug 153307

Summary: [pf] Bug with PF firewall
Product: Base System
Reporter: Manuel G Ochoa <mochoa>
Component: kern
Assignee: freebsd-pf (Nobody) <pf>
Status: Closed FIXED
Severity: Affects Only Me
CC: cmb, kp
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description Manuel G Ochoa 2010-12-20 13:50:10 UTC
PF firewall does not work as expected after a reboot

Fix: 

run this command:
pfctl -f /etc/pf.conf

This command will reload the pf config file and load the table into the rule set.

run:
pfctl -t trusted -T show

results:
192.168.1.39

Now, only this IP address is allowed through the firewall. All other addresses are blocked.

How-To-Repeat: Configure /etc/pf.conf as follows:
  ext="em0"
  table <trusted> persist file "/etc/trusted"
  scrub in
  pass  in quick from <trusted>
  block in on $ext

Configure /etc/trusted as follows:
  192.168.1.39


Reboot server

Any IP address will pass through the firewall

run:
pfctl -t trusted -T show

results: 
Table does not exist.
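
A post-boot check for the condition this report describes, added here as an example (not part of the original report or of FreeBSD): it compares the loaded `<trusted>` table against `/etc/trusted` and fails when the table is missing or differs. The function names and the `PFCTL` override variable are hypothetical; it assumes the file lists literal addresses in the form `pfctl -T show` prints them, and that `pfctl` exits non-zero when the table does not exist.

```sh
#!/bin/sh
# Added example: verify that a pf table holds exactly the entries of its
# "persist file". PFCTL can be overridden to test the check with a stub.
PFCTL="${PFCTL:-pfctl}"

# Entries of a table file, sorted: comments, blanks and padding stripped.
table_file_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -v '^$' | sort -u
}

# Entries currently loaded in a pf table, sorted. Returns non-zero when
# pfctl fails (assumption: this covers "Table does not exist.").
loaded_table_entries() {
    out=$($PFCTL -t "$1" -T show 2>/dev/null) || return 1
    printf '%s\n' "$out" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$' | sort -u
}

# check_pf_table TABLE FILE
# 0 = loaded and identical to FILE, 1 = table missing,
# 2 = contents differ or FILE unreadable.
check_pf_table() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    want=$(table_file_entries "$2")
    if ! have=$(loaded_table_entries "$1"); then
        echo "pf table <$1> is not loaded" >&2
        return 1
    fi
    if [ "$want" != "$have" ]; then
        echo "pf table <$1> does not match $2" >&2
        return 2
    fi
    return 0
}

# Usage after boot, with the names from the report's pf.conf:
#   check_pf_table trusted /etc/trusted || pfctl -f /etc/pf.conf
```
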
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-12-20 15:19:33 UTC
Responsible Changed
From-To: freebsd-amd64->freebsd-pf

Over to maintainer(s).
Comment 2 Manuel G Ochoa 2011-09-14 16:01:40 UTC
What is the status on this bug? It's almost a year old and it looks like a
serious issue.



Thanks,

Manuel Ochoa - CCNP MCSA MCSE MCDBA
President, Agency Matrix LLC

5010 Addison Circle
Addison TX 75001-2333

Phone: 972-239-1456
Fax: 702 447-6669
Comment 3 cmb 2015-12-12 04:53:40 UTC
Not sure what version OP started with, but the issue as described doesn't exist on FreeBSD 10.1 or 11-CURRENT.

Same pf.conf and trusted persist file, and after a clean boot:

root@fbsd11-test1:~ # pfctl -t trusted -T show 
   192.168.1.39

Safe to close this, it was fixed at some point.
Comment 4 Kristof Provost freebsd_committer freebsd_triage 2016-01-02 22:45:27 UTC
Closing based on the report in comment #3.