PF pf on Raspberry Pi 3

[newbsdkv]

Hello All,

I'm running Freebsd 12.1 Release (arm64) on a Raspberry Pi 3. My questions are regarding pf (firewall)...

I have pf enabled in /etc/rc.conf and the pf_rules are in /etc/pf.conf. However, when I reboot my pi the rules are not automatically loaded. I have to manually load the ruleset after each reboot. Is this a quirk of the Freebsd Image for RPi? Does the kernel not fully support pf? Is there a sysctl parameter that I can enable for pf to automatically load the ruleset on reboot?

Thanks much!

 

[Phishfry]

Just to be clear, you have both of these settings in your /etc/rc.conf ?

pf_enable="YES"
pf_rules="/etc/pf.conf"

What happens when you run pfctl ? Is it installed?

 

[julp]

Any error at boot?

Do you use any hostname in your ruleset? If so it fails to load your rules because it can't yet resolve them at boot time (pf comes early in the boot process, see rcorder /etc/rc.d/* to give an idea)

 

[diizzy]

I have a vague memory of modules not working on ARM/ARM64 but I don't have a box to confirm it on right now.

 

[msplsh]

You need the kernel modules loaded, which they probably aren't. Check with kldstat, load with kldload pf and make permanent with adding pf_load="YES" in /boot/loader.conf

 

[serjsk8]

Hello,
I have the same issue with pf (firewall) on my FreeBSD 12.1 RELEASE (arm64) on a Raspberry Pi 3.
At the moment I do not know why this is happening.
The quick fix was to automatically reload the pf rules

service pf reload

after the system has booted