/etc/rc.d/pf: WARNING: /etc/pf.conf is not readable.

Started by verulian, March 30, 2024, 09:56:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 30, 2024, 09:56:02 PM
When I was logged into the shell to restart pf, I got the error in the subject line which seems odd/worrisome:



Code Select


root@firewall:~ # service pf onerestart
Disabling pf.
/etc/rc.d/pf: WARNING: /etc/pf.conf is not readable.



As you will see, the file simply isn't there:
Code Select

root@firewall:~ # cat /etc/pf.conf
cat: /etc/pf.conf: No such file or directory

March 30, 2024, 10:09:30 PM #1
This is not how you restart most services on OPNsense.

Code Select
configctl filter reload
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 30, 2024, 10:12:31 PM #2
I am not 100% certain but i imagine that is the location on a vanilla freebsd install of pf but on OPN the command gets issued with the OPN's own location of the config file. That's to say it probably needs issuing either with #service pf onerestart -c /path/to/file or maybe a  template defines it, or even an opn-specific command.
Edit: writing at the same time. There you go.
March 31, 2024, 12:11:49 PM #3
So my issue is that I'm trying to set up a site-to-site WireGuard arrangement. The system I'm referring to is an OPNsense 24.1 install with a singular WAN port. Each time I make any changes that seem to effect the firewall I have to do something to make it responsive again for the web admin interface. I couldn't think of anything to do while I only had LISH (console access via Linode) access except something basic, and this "service pf onerestart" is what worked to push the system into responsiveness again on the web interface. I even found this to be true with direct ssh remote access as well - same problem, had to go to LISH and issue "service pf onerestart" to get ssh to respond...
Print
Go Up Pages1
User actions