pfctl -sa Can't see my custom filter rule ... Why?

miamikel
Posts: 5
Joined: Sat Mar 28, 2015 4:03 pm


Post by miamikel » Thu Apr 09, 2015 8:19 pm

Hi

I created a custom rule for port 2049 that blocks UDP/TCP on that port, but if I use the pfctl -sa command in the terminal shell as su,
I can't see the new custom filter rule I created with the MURUS GUI. See the output of the pfctl -sa command below:

---------------- snip --------------------------

No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
rdr-anchor "murus.rdr" all

FILTER RULES:
scrub-anchor "com.apple/*" all fragment reassemble
pass quick on awdl0 all flags S/SA keep state
pass quick on utun0 all flags S/SA keep state
pass quick on p2p0 all flags S/SA keep state
block drop in log quick from <_blacklist> to any label "BlackList_IN"
block drop out log quick from any to <_blacklist> label "BlackList_OUT"
block return in log quick from <_adservers> to any label "adservers_IN"
block return out log quick from any to <_adservers> label "adservers_OUT"
block drop in quick from <sshguard> to any label "SSHGuard"
block drop in log quick from <_threats> to any label "Threats_IN"
block drop out log quick from any to <_threats> label "Threats_OUT"
block drop in quick from no-route to any
block drop in quick from urpf-failed to any
block drop log inet all label "Block_V4"
block drop log inet6 all label "Block_V6"
anchor "com.apple/*" all
pass proto icmp all keep state
pass in quick proto udp from any port = 5353 to any port = 5353 keep state allow-opts
pass out quick proto udp from any port = 5353 to any port = 5353 keep state allow-opts
pass proto igmp all keep state allow-opts
pass out quick proto tcp from any port = 68 to any port = 67 flags S/SA keep state
pass out quick proto udp from any port = 68 to any port = 67 keep state
pass in quick proto tcp from any port = 67 to any port = 68 flags S/SA keep state
pass in quick proto udp from any port = 67 to any port = 68 keep state
pass quick inet6 proto udp from any to any port = 546 keep state
pass inet6 proto ipv6-icmp all icmp6-type echoreq keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type groupqry keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type grouprep keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type groupterm keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type routersol keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type routeradv keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type neighbradv keep state allow-opts
pass inet6 proto ipv6-icmp all icmp6-type 143 keep state allow-opts
pass quick inet from any to 224.0.0.0/4 flags S/SA keep state allow-opts
pass quick inet6 from any to ff00::/8 flags S/SA keep state allow-opts
anchor "murus.inbound" all label "Inbound"
anchor "murus.outbound" all label "Outbound"
anchor "murus.inspector" all label "Inspector"
anchor "murus.custom" all label "Custom_Rules"

DUMMYNET RULES:
dummynet-anchor "murus.bw" all

-------------- snip ---------------------------

Another question: what does "No ALTQ support in kernel / ALTQ related functions disabled" mean?

Thanks in advance ;)


Cheers

Michael

hany
Posts: 466
Joined: Wed Dec 10, 2014 5:20 pm

Re: pfctl -sa Can't see my custom filter rule ... Why?

Post by hany » Fri Apr 10, 2015 1:18 am

To see rules you have to use the "r" flag. Custom rules are in an anchor, so you must also give the anchor path using the "a" option.
The correct shell command is:


pfctl -sr -a /murus.custom

> Another question: what does "No ALTQ support in kernel / ALTQ related functions disabled" mean?

ALTQ is an (old and deprecated) pf module for bandwidth shaping, QoS and such. Apple did not include ALTQ in OS X, so pfctl gives this warning.
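The reply above covers the single anchor Murus uses for custom rules, but the same thing applies to every `anchor "..."` line in the listing: `pfctl -sr` prints only the main ruleset, and the rules loaded inside each anchor stay hidden until you point `-a` at that anchor. The script below is an added example, not code from the forum post or from Murus; it extracts the anchor names from a `pfctl -sr` listing (the sample is constructed from the output quoted in the question), strips the `/*` wildcard suffix that marks "all sub-anchors", and prints the `pfctl -a <anchor> -sr` command that dumps each one. The helper names `pf_anchor_names`, `pf_anchor_rules_cmd` and `pf_dump_anchors` are this example's own.

```shell
#!/bin/sh
# Added example (not from the Murus forum thread).
# "pfctl -sr" shows only the main ruleset; rules inside an anchor are shown
# only by "pfctl -a <anchor> -sr".  This script finds the anchors referenced
# by a ruleset listing and prints the command that dumps each of them.

# Sample "pfctl -sr" output, constructed from the listing in the post above.
SAMPLE_RULES='scrub-anchor "com.apple/*" all fragment reassemble
block drop log inet all label "Block_V4"
anchor "com.apple/*" all
anchor "murus.inbound" all label "Inbound"
anchor "murus.custom" all label "Custom_Rules"
pass quick on utun0 all flags S/SA keep state'

# Read a ruleset listing on stdin and print one anchor name per line.
# Matches "anchor", "scrub-anchor", "rdr-anchor", "dummynet-anchor", ...
# A trailing "/*" means "evaluate all sub-anchors"; it is not itself an
# anchor name, so it is removed.  Duplicates (the same anchor referenced
# from several rule types) are collapsed.
pf_anchor_names() {
    sed -n 's/^[a-z-]*anchor "\([^"]*\)".*/\1/p' |
        sed 's|/\*$||' |
        awk '!seen[$0]++'
}

# Print the pfctl command that lists the filter rules inside one anchor.
pf_anchor_rules_cmd() {
    printf 'pfctl -a %s -sr\n' "$1"
}

# Live variant: dump the rules of every anchor in the running ruleset.
# Needs root and a pf-enabled kernel (macOS, *BSD); not called below.
pf_dump_anchors() {
    pfctl -sr | pf_anchor_names | while read -r anchor; do
        printf '### anchor %s\n' "$anchor"
        pfctl -a "$anchor" -sr
    done
}

# Dry run on the embedded sample: show which commands would be run.
printf '%s\n' "$SAMPLE_RULES" | pf_anchor_names | while read -r anchor; do
    pf_anchor_rules_cmd "$anchor"
done
```

For the listing in the question this prints `pfctl -a com.apple -sr`, `pfctl -a murus.inbound -sr` and `pfctl -a murus.custom -sr`; run the last one as root to see the port 2049 block rule. An anchor such as `com.apple` is itself a container: `pfctl -a com.apple -sA` lists its sub-anchors, and `pfctl -sA` lists the top-level anchors directly without parsing `-sr` output at all. A rule that does not appear even under `-a murus.custom -sr` was never loaded into pf, which is a different problem from not being able to see it.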
