kldload: can't load pf

[Slade]

I'm new to FreeBSD and I've spent this week reading through the handbook and I'm working my way through the excellent Absolute FreeBSD book as well. But I've encountered a problem and I haven't been able to find a solution anywhere. I'm running FreeBSD 8.

I'm trying to install PF. I've added the following to the /etc/rc.conf file:

pf_enable="YES"
pf_rules="/etc/pf.conf"

I then added a simple set of rules to /etc/pf.conf:

interface="xn0"
scrub in all
block in on $interface

#allow SSH from the world
pass in on $interface proto tcp from any to $interface port 22

#HTTP (80) and HTTPS (443) to the world
pass in on $interface proto tcp from any to $interface port 80
pass in on $interface proto tcp from any to $interface port 443

#allow outgoing traffic
pass out on $interface proto { tcp, udp } all

I then type [cmd=]/etc/rc.d/pf start[/cmd] and get the following error:

kldload: can't load pf: Exec format error
/etc/rc.d/pf: WARNING: Unable to load kernel module pf

My securelevel is

kern.securelevel: -1

Could this be related to the fact that it's running on a XEN VPS (paravirtualized drivers)? Any help would be greatly appreciated.

 

[sossego]

You need to do

kldload pf

and then in /boot/loader.conf

pf_load="YES"

.
You may also want to load pflog in /boot/loader.conf.

 

[Slade]

After checking the freebsd-xen mailing list it seems that the xen paravirtualization kernel has some issues. When I switched to hardware virtualization with a generic kernel my original setup worked fine. So for peoples reference if you run into this issue on a VPS that might be the culprit.