Re: NPF not loading and starting at boot

[Gerard Lally <lists+netbsd.users%netmail.ie@localhost>]

At date and time Tue, 12 Aug 2014 15:14:05 -0500, J. Lewis Muir wrote:

> On 8/10/14, 4:11 PM, J. Lewis Muir wrote:
> > Hello.
> >
> > I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
> > PC) virtual machine.  I have configured NPF to load and start at boot
> > by adding "npf=YES" to /etc/rc.conf.  However, after booting, NPF is
> > not running:
> >
> > ===
> > # npfctl show
> > Filtering:      inactive
> > Configuration:  empty
> > ===
> >
> > Starting it by hand using the rc.d system works fine:
> >
> > ===
> > # /etc/rc.d/npf start
> > Enabling NPF.
> > ===
> 
> I investigated some more.  I looked at /etc/rc and discovered that
> /var/run/rc.log contains a log of the rc.d system start-up.  I checked
> it, and it contains:
> 
> ===
> [running /etc/rc.d/npf]
> Enabling NPF.
> ===
> 
> So, it looks like it's starting NPF OK.  To further check this, I added
> the following to the end of /etc/rc.local:
> 
> ===
> /sbin/npfctl show > /tmp/rc.local-npfctl-show.txt 2>&1
> ===
> 
> And after booting, that file in /tmp contains what I would expect as
> if everything was OK at that point in the boot (which I understand is
> fairly late in the start-up):
> 
> ===
> # head -n 2 /tmp/rc.local-npfctl-show.txt
> Filtering:      active
> Configuration:  loaded
> ===
> 
> But again, when I log into the machine via SSH after it boots and run
> "npfctl show", somehow NPF is off and the configuration is empty:
> 
> ===
> # npfctl show
> Filtering:      inactive
> Configuration:  empty
> ===
> 
> So, NPF is ending up turned off with an empty configuration between when
> /etc/rc.local ran and when the rc.d system start-up finished.
> 
> Any ideas on what is causing this?
> 
> Thanks!
> 
> Lewis

As a complete newcomer to npf I'm not sure if this is helpful, but here
goes anyway: do you have logging turned on in your npf.conf, and if so,
have you created the interface npflog0?

-- 
Gerard Lally