# Unable to open /dev/pf device inside the jail



## Mr_Dragon (Dec 16, 2018)

I'm trying to set TransPort setting in the torproxy jail but when I try to start Tor inside the jail I'm giving errors:

```
root@torproxy:~ # service tor restart
Stopping tor.
Waiting for PIDS: 95355.
Starting tor.
Dec 16 00:23:07.760 [notice] Tor 0.3.4.9 (git-4ac3ccf2863b86e7) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2o-freebsd, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd 1.3.5.
Dec 16 00:23:07.760 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 16 00:23:07.760 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 16 00:23:07.774 [notice] Scheduler type KISTLite has been enabled.
Dec 16 00:23:07.774 [notice] Opening Socks listener on 127.0.1.1:9050
Dec 16 00:23:07.774 [notice] Opening DNS listener on 127.0.1.1:9053
Dec 16 00:23:07.774 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Dec 16 00:23:07.774 [warn] open("/dev/pf") failed: No such file or directory
Dec 16 00:23:07.774 [notice] Closing partially-constructed Socks listener on 127.0.1.1:9050
Dec 16 00:23:07.774 [notice] Closing partially-constructed DNS listener on 127.0.1.1:9053
Dec 16 00:23:07.774 [notice] Closing partially-constructed Transparent pf/netfilter listener on 127.0.0.1:9040
Dec 16 00:23:07.775 [warn] Failed to parse/validate config: Unable to open /dev/pf for transparent proxy.
Dec 16 00:23:07.775 [err] Reading config failed--see warnings above.
/usr/local/etc/rc.d/tor: WARNING: failed to start tor
```
 I've created this jail using ezjail-admin tool. Could anyone tell me why I'm unable to change host pf settings and how can I do it inside the jail?


----------



## ShelLuser (Dec 16, 2018)

I don't know anything about EZJail but do know how to do this with plain old FreeBSD: you'll need to set up a fully working devfs structure inside your jail. It'll mimic the /dev setup on the host and include pf which can then be used to control the firewall.

It basically boils down to adding these settings to /etc/jail.conf:

```
sysvmsg = new;
        sysvshm = new;
        sysvsem = new;

        allow.mount.devfs;
        mount.devfs;

        devfs_ruleset = 2;
        enforce_statfs = 1;
```
See jail(8) for more info on these settings.


----------

