pfctl -n -f /etc/pf.conf
It may be worth posting the output of this command for us if you have further problems. (I've never used this command but I'm hoping it'll output something if there are errors.)
pf_enable="YES"
pf_rules="/etc/pf.conf"
pfctl -n -f /etc/pf.conf
# pfctl -n -f /etc/pf.conf
pfctl: /etc/pf.conf: No such file or directory
pfctl: cannot open the main config file!: No such file or directory
#
ls -l /path/to/pf.conf
results in:
# ls -l /path/to/pf.conf
ls: /path/to/pf.conf: No such file or directory
#
/etc/rc: WARNING: /patch/to/pf.conf is not readable.
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: Gateway ::1
ELF ldconfig patch: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/gcc48 /usr/local/lib/nss
a.aout ldconfig patch: /usr/lib/aout /usr/lib/compat/aout
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related)
PF doesn't have built-in rules. You need to tell it what you want it to do. Usually that's done by the file /etc/pf.conf, although it's possible to specify a different file.
What are the rules of this file /etc/pf.conf? Within that file there is nothing.
Code:
# pfctl -n -f /etc/pf.conf
pfctl: /etc/pf.conf: No such file or directory
pfctl: cannot open the main config file!: No such file or directory
#
Please note that /path/to/pf.conf is not an actual path. The expression /path/to/foo is often used to indicate that you need to fill in wherever that file foo is. In your case it's /etc/pf.conf but in some cases it could be /usr/local/etc/pf.conf or /home/anaivanovic/pf.conf or whatever.
And also this command
ls -l /path/to/pf.conf
results in:
Code:
# ls -l /path/to/pf.conf
ls: /path/to/pf.conf: No such file or directory
#
PF doesn't have built-in rules. You need to tell it what you want it to do. Usually that's done by the file /etc/pf.conf
# kldload pf
# ee /etc/rc.conf
pf_enable="YES"
# ee /etc/rc.conf
pf_rules="/path/to/pf.conf"
why are you trying to enable the firewall in the first place?
Considering it's taken 2 days, 30 messages and you still haven't properly understood that you need a rule file, and that pf_rules should point to it, you need to learn to create the rule file for yourself.
You need to decide for yourself what you want the firewall to do.
I suggest that you try to explain just what you want your firewall to actually do.
FreeBSD handbook, which does not indicate that anything must be added in /etc/pf.conf.
From the Handbook: PF will not start if it cannot find its ruleset configuration file. The default ruleset is already created and is named /etc/pf.conf. If a custom ruleset has been saved somewhere else, add a line to /etc/rc.conf which specifies the full path to the file:
pf_rules="/path/to/pf.conf"
block in all
pass out all keep state
pf_enable="YES"
pf_rules="/etc/pf.conf"
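The boot-log warning earlier in the thread ("/patch/to/pf.conf is not readable") is exactly what happens when pf_rules in rc.conf points at a file that does not exist. The following preflight script is an added example, not from this thread or from FreeBSD's own rc.d/pf: it reads pf_rules from an rc.conf-style file (defaulting to /etc/pf.conf as rc.d does), reports an unreadable ruleset before you reboot, and runs the syntax check pfctl -n -f when pfctl is installed. The function names and the sample files are my own.

```sh
#!/bin/sh
# Added preflight check for the rc.conf/pf_rules problem discussed in the thread.
# Not part of FreeBSD's rc.d/pf; it only mimics the "is not readable" test.

# pf_rules_from_rcconf RCFILE
#   Prints the pf_rules value from RCFILE, or /etc/pf.conf when it is unset,
#   which is the default rc.d/pf uses.
pf_rules_from_rcconf() {
    rcfile=$1
    # The last assignment wins, as when sh sources rc.conf; strip the quotes.
    val=$(grep -E '^[[:space:]]*pf_rules=' "$rcfile" 2>/dev/null | tail -n 1 \
          | sed -e 's/^[[:space:]]*pf_rules=//' -e 's/^"//' -e 's/"$//')
    printf '%s\n' "${val:-/etc/pf.conf}"
}

# check_pf_rules RCFILE
#   Returns 0 when the ruleset file named by pf_rules exists and is readable
#   (and, if pfctl is available, parses cleanly); returns 1 otherwise.
check_pf_rules() {
    rules=$(pf_rules_from_rcconf "$1")
    if [ ! -r "$rules" ]; then
        # Same condition that produces the rc WARNING seen in the boot log.
        echo "WARNING: $rules is not readable; pf will not start" >&2
        return 1
    fi
    # Parse-only check (-n) so nothing is loaded into the kernel.
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -n -f "$rules" || return 1
    fi
    return 0
}
```

Run it as `check_pf_rules /etc/rc.conf` on the host; a literal pf_rules="/path/to/pf.conf" copied from the Handbook fails the readability check immediately.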
I'm sorry, on my part I confused the articles 30.3.1, 30.3.2 and 30.3.3. I wanted to load by default, but you can not, then encrypt or filter the incoming and outgoing network.
He's asking what YOU want the firewall to do. Do you want it to block all external connections, or handle NAT for your network, or allow http in, or block torrents, etc, etc.
# vi /etc/pf.conf
ext_if = "em0"
set block-policy drop
set skip on lo0
scrub in all
block in all
antispoof quick for ($ext_if)
block in quick from { urpf-failed no-route } to any
pass out quick on $ext_if keep state
# macros
int_if="xl0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
comp3="192.168.0.3"
# options
set block-policy return
set loginterface egress
set skip on lo
# FTP Proxy rules
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
divert-to 127.0.0.1 port 8021
# match rules
match out on egress inet from !(egress:network) to any nat-to (egress:0)
# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp from any to (egress) \
port $tcp_services
pass in on egress inet proto tcp to (egress) port 80 rdr-to $comp3
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if