# FreeBSD 7.2 Release-p4 kernel rc.conf pf_enable



## zeissoctopus (Oct 6, 2009)

I used to load pf as a module in /etc/rc.conf before with no problem.

I used csup to update src to FreeBSD 7.2 Release-p4, rebuilt the GENERIC kernel and rebooted. I enabled the new kernel's NULL Map feature in /boot/loader.conf. At first it seemed fine to me.

I noticed the pf module does not load with the new kernel when I replaced one of 5 tables.

I checked that there is no diff between /etc/rc.d/pf, pflog and /usr/src/etc/rc.d/pf, pflog.

When I run ifconfig, the pflogd device does not exist!

First, I rebuilt a kernel with built-in device pf. The result did not change: pf is not auto-loaded by /etc/rc.conf.

Now I use /etc/crontab's @reboot statements to auto-load pflogd and pf at every boot.


----------



## SirDice (Oct 6, 2009)

So what do you have in /etc/rc.conf regarding pf? It works fine here on a FreeBSD-7.2-STABLE.


```
#Firewall
pf_enable="YES"
pflog_enable="YES"
```


----------



## zeissoctopus (Oct 7, 2009)

My previous rc.conf PF settings are just the same as yours.

The location of /etc/pf.conf is the standard place and it is 644.

I don't know why my rc.conf does not load pf.ko properly. I succeeded in enabling pf by command after booting:

```
sudo pfctl -e -f /etc/pf.conf
```

I proved that /etc/pf.conf is not the problem.

I don't follow the 7-STABLE branch; I just follow the 7.2-Release branch.

Below is my previous rc.conf:

```
#===============================================================
#                      PART I: Host
#---------------------------------------------------------------
# network interface
#---------------------------------------------------------------
ifconfig_em0="inet 192.168.1.7 netmask 255.255.255.0"
ifconfig_em0_alias0="inet 192.168.1.8 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 192.168.1.9 netmask 255.255.255.255"
ifconfig_em0_alias2="inet 192.168.1.10 netmask 255.255.255.255"
ifconfig_em0_alias3="inet 192.168.1.11 netmask 255.255.255.255"
ifconfig_em0_alias4="inet 192.168.1.12 netmask 255.255.255.255"
ifconfig_em0_alias5="inet 192.168.1.13 netmask 255.255.255.255"
ifconfig_em0_alias6="inet 192.168.1.14 netmask 255.255.255.255"
defaultrouter="192.168.1.1"
hostname="myhost.mydomain.com"
ipv6_enable="NO"
ipv6_defaultrouter="NO"
#---------------------------------------------------------------
# general setting
#---------------------------------------------------------------
keymap="us.iso"
font8x8="cp437-8x8"
font8x14="cp437-8x14"
font8x16="cp437-8x16"
kern_securelevel_enable="YES"
kern_securelevel="1"
powerd_enable="YES"
powerd_flags="-a hadp -n hadp"
#---------------------------------------------------------------
# pf firewall settings
#---------------------------------------------------------------
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
#---------------------------------------------------------------
# Services control
#---------------------------------------------------------------
sshd_enable="YES"
syslogd_enable="YES"
syslogd_flags="-4 -b localhost"
inetd_enable="NO"
rpcbind_enable="NO"
sendmail_enable="NO"
clear_tmp_enable="YES"
#================================================================
#                     PART II: Jails
#================================================================
# jails global setting
#----------------------------------------------------------------
jail_enable="YES"
jail_list="apache22 pgsql sendmail"
jail_set_hostname_allow="NO"
jail_socket_unixiproute_only="YES"
jail_sysvipc_allow="YES"
#----------------------------------------------------------------
# apache22 jail settings
#----------------------------------------------------------------
jail_apache22_rootdir="/jails/ro/japache22"
jail_apache22_hostname="www.mydomain.net"
jail_apache22_ip="192.168.1.10"
jail_apache22_exec_start="/bin/sh /etc/rc"
jail_apache22_exec_stop="/bin/sh /etc/rc.shutdown"
jail_apache22_devfs_enable="YES"
jail_apache22_devfs_ruleset="devfsrules_jail"
#----------------------------------------------------------------
# pgsql jail settings
#----------------------------------------------------------------
jail_pgsql_rootdir="/jails/ro/jpgsql84"
jail_pgsql_hostname="sql.mydomain.net"
jail_pgsql_ip="192.168.1.8"
jail_pgsql_exec_start="/bin/sh /etc/rc"
jail_pgsql_exec_stop="/bin/sh /etc/rc.shutdown"
jail_pgsql_devfs_enable="YES"
jail_pgsql_devfs_ruleset="devfsrules_jail"
#----------------------------------------------------------------
# sendmail jail settings
#----------------------------------------------------------------
jail_sendmail_rootdir="/jails/ro/jsendmail"
jail_sendmail_hostname="mail.mydomain.net"
jail_sendmail_ip="192.168.1.9"
jail_sendmail_exec_start="/bin/sh /etc/rc"
jail_sendmail_exec_stop="/bin/sh /etc/rc.shutdown"
jail_sendmail_devfs_enable="YES"
jail_sendmail_devfs_ruleset="devfsrules_jail"
```


----------



## zeissoctopus (Oct 23, 2009)

*[solved] my problem*

Finally, I got the answer to my newbie-level problem.

I had put a hostname rule in my /etc/pf.conf's filter rules. After I removed this rule, pf boots smoothly on FreeBSD 7.2-Release-p4 again.

I found my answer at this link:
http://freebsd.monkey.org/freebsd-pf/200705/msg00020.html


----------



## SirDice (Oct 23, 2009)

Hmm.. I never would have thought of that. Then again, I never use hostnames in firewall rulesets.


----------
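An added example, not part of any post above: the cause found in this thread was a hostname in a filter rule in /etc/pf.conf, and pf.conf(5) notes that host names are resolved when the ruleset is loaded. The heuristic check below lists tokens in a ruleset that look like DNS names; the function names `pf_hostnames` and `pf_sample` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Heuristic lint: print "line: token" for every token in a pf ruleset that
# looks like a DNS name. Reads the files given as arguments, or stdin.
# Real use: pf_hostnames /etc/pf.conf
pf_hostnames() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                 # drop comments
        gsub(/[{}(),!"=<>]/, " ", line)      # punctuation becomes separators
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            # pf timeout names (tcp.first, src.track, ...) are not hosts
            if (t ~ /^(tcp|udp|icmp|other|adaptive|src)\.[a-z]+$/) continue
            # dotted labels whose last label is alphabetic; IPv4/IPv6
            # addresses, CIDR blocks, macros and file paths never match
            if (t ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/ && t ~ /\.[A-Za-z]+$/)
                printf "%d: %s\n", NR, t
        }
    }' "$@"
}

# Constructed sample ruleset (not the poster's pf.conf).
pf_sample() {
    cat <<'EOF'
ext_if = "em0"
set timeout tcp.first 120
table <jails> { 192.168.1.8, 192.168.1.9, 192.168.1.10 }
block in log all
pass in on $ext_if proto tcp from any to <jails> port { 25, 80 }
pass in on $ext_if proto tcp from admin.example.org to 192.168.1.7 port 22 # replaces old.example.com
pass out on $ext_if proto udp to ns1.example.net port 53
EOF
}

# Demo on the constructed sample: flags lines 6 and 7 only.
pf_sample | pf_hostnames
```
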

