Solved Unable to delete pflog0

balanga · Sunday at 5:33 PM

Apologies in advance for this newbie type question, but I only started using PF recently and initially it worked for my purposes. ie accessing the Internet from my LAN via a gateway.

For reasons unknown to me things stopped working and in an effort to see what is going wrong I'm trying to use pfctl to see what is happening but not getting very far.

In an effort to start again from scratch I see

Code:

root@W520:~ $ ifconfig pflog0
pflog0: flags=1000141<UP,RUNNING,PROMISC,LOWER_UP> metric 0 mtu 33152
        options=0
        groups: pflog
root@W520:~ $

I am unable to delete this using ifconfig pflog0 destroy

Code:

root@W520:~ $ ifconfig pflog0 destroy                                                                                                                                                                                                                                    
ifconfig: SIOCIFDESTROY: Invalid argument
root@W520:~ $

What do I need to do?

atax1a · Sunday at 5:41 PM

i don't think you can destroy that, nor do we understand what doing this would help fix. how is it failing? does pfctl -si show that pf is enabled?

balanga · Sunday at 6:43 PM

atax1a said:
i don't think you can destroy that, nor do we understand what doing this would help fix. how is it failing? does pfctl -si show that pf is enabled?

Basically I don't know what pflog0 is for or how it came about. I just want to get rid of it in case it interferes in some way with pf or pfctl.

atax1a · Sunday at 7:23 PM

it is a virtual interface where packets with the log keyword go. it does not interfere with anything, it is part of the pf system.

instead of trying to delete random things, can you explain what happens? how is it failing? is it enabled?

Criosphinx · Sunday at 7:54 PM

You probably enabled it with the line pflog_enable=YES in rc.conf, remove it or set it to NO and reboot or stop the service.

Also before deleting an interface you need to stop it. ifconfig pflog0 down

balanga · Sunday at 8:04 PM

Disabling everything to do with pf followed by a reboot made it disappear.

lost_in_c · Monday at 4:19 AM

As was mentioned, the log does not affect the functionality of PF. It just creates a log file so that you can inspect how your ruleset behaves.

Speaking of which, could you show us your ruleset? cat /etc/pf.conf

If things are not working properly, the real culprit is almost definitely rule flow logic. Working on these things myself, so I'd be happy to help you thread through them to see what might be blocking the flow.

balanga · Monday at 8:32 AM

lost_in_c said:
As was mentioned, the log does not affect the functionality of PF. It just creates a log file so that you can inspect how your ruleset behaves.

Speaking of which, could you show us your ruleset? cat /etc/pf.conf

If things are not working properly, the real culprit is almost definitely rule flow logic. Working on these things myself, so I'd be happy to help you thread through them to see what might be blocking the flow.

I was looking at pf log files to try and diagnose the problem that had occurred, but had completely misdiagnosed things.

This thread explains the situation.

lost_in_c · Monday at 5:34 PM

Ah, it was a hardware issue. Glad it worked out

balanga · Monday at 9:16 PM

lost_in_c said:
Ah, it was a hardware issue. Glad it worked out

Not a hardware issue at all, simply a misconfiguration after a reboot.

lost_in_c · Monday at 9:34 PM

Hardware in the sense that it was the USB interface causing the issue, for which a software time delay was a solution, rather than a case of misconcieved code, such as PF rules.