Folks,
I have created a new virtual FreeBSD machine on one of my hosting provider's servers, and upgraded it to 12.2-RELEASE-p7.
I want to enforce very basic pf rules:
Code:
block in from any
pass inet proto tcp from any port {http, https, ssh}
# ANCHORS FOR BLACKLISTD
anchor "blacklistd" all {
anchor "22" all
}
But when I try to disable/enable pf, I get the following message:
Code:
> sudo service pf stop
pfctl: DIOCGETSTATUS: Permission denied
> sudo service pf start
Enabling pfpfctl: DIOCADDRULENV: Operation not supported by device
pfctl: DIOCGETSTATUS: Permission denied
pfctl: pf already enabled
.
The network interface is xn0:
Code:
> dmesg | grep xn0
xn0: xbd0: <Virtual Network Interface>20480MB <Virtual Block Device> at device/vbd/51712 at device/vif/0 on xenbusb_front0
xn0: Ethernet address: 00:16:3e:1b:69:43
xn0: backend features: feature-sg feature-gso-tcp4
xn0: 2 link states coalesced
xn0: link state changed to UP
I'm not sure what happens here. Apparently, the hypervisor doesn't authorize the underlying OS any access to the peripheral (promiscuous mode)?
I have, however, other instances of FreeBSD running on the same infrastructure, and pf has always worked like a charm.
Does anyone have an idea what’s going on?
Thanks a bunch,
Vincent