Looking for docs on installing pf with FreeBSD 5.2.1

pf-r at solarflux.org
Mon Jan 17 10:23:22 PST 2005


> > I'm running FreeBSD 5.2.1, and can't seem to find any comprehensive docs
> > on getting pf running on it.  I've followed what's in the handbook, but
> > the kernel config file doesn't recognize the device statements for pf.
> > I really would like to avoid upgrading the system to 5.3+, if possible.
> >
> > Any pointers?

The best and easiest way to have the most secure system and recent pf code is to
cvsup your FreeBSD 5.2.1 system to a patched 5.3-RELEASE, IMO.  Not sure if
-STABLE or -CURRENT would offer newer pf code, but if this is a production box,
neither -STABLE nor -CURRENT is recommended anyway.

There are plenty of comprehensive docs on updating (via cvsup) your 5.2.1 system
to the latest security branch (RELENG_5_3).  Then you'll have pf as a loadable
kernel module already in the system.  I believe the pf-enabling instructions in
the handbook are for 5.3.

Quick and dirty cvsup steps (see Appendix A.5 in the handbook):

Create a supfile referencing RELENG_5_3
Cvsup
Make buildworld
Add appropriate pf* lines in kernel config (copy of GENERIC)
Make buildkernel
Make installkernel
Reboot to single user mode (optional)
Make installworld
Mergemaster
Exit to multiuser (only if you are in single user mode)
Play with PF

I've built PF and ALTQ the manual way (on 5.0/5.1) and longed for the day when I
could just cvsup my system and be done with it.

> there is a port: /usr/ports/security/pf.
> Installing PF from there is pretty straightforward.
> I use it on several FreeBSD 5.2.1 machines.

The ports version is based on OpenBSD 3.4 code, so it's fairly dated.  Not
saying it's bad, but it doesn't have many of the newer features that the
recent/latest code provides.

HTH
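
The cvsup steps listed in the message above, as an added example that is not part of the original post: a dry-run sh script that writes the RELENG_5_3 supfile and a GENERIC-derived kernel config with the pf devices, then prints the build commands. The mirror host, the i386 config directory, the PFKERNEL name and the RUN/WORKDIR variables are assumptions.

```sh
#!/bin/sh
# Added example: dry run of the cvsup update to RELENG_5_3 described above.
# Assumptions (not from the post): mirror host, i386 conf dir, PFKERNEL name.
RUN=${RUN-echo}                    # prints commands; invoke with RUN= to execute
KERNCONF=${KERNCONF:-PFKERNEL}
CONFDIR=${CONFDIR:-/usr/src/sys/i386/conf}
WORKDIR=${WORKDIR:-$(mktemp -d)}

write_supfile() {                  # $1 = supfile to create
    cat > "$1" <<'EOF'
*default host=cvsup.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_5_3
*default delete use-rel-suffix
*default compress
src-all
EOF
}

write_kernconf() {                 # $1 = GENERIC, $2 = new config file
    # Rename the kernel ident, then append the pf devices.
    sed "s/^ident[[:space:]].*/ident $KERNCONF/" "$1" > "$2"
    printf 'device pf\ndevice pflog\ndevice pfsync\n' >> "$2"
}

build_steps() {                    # build/install order from the list above
    $RUN make buildworld
    $RUN make buildkernel KERNCONF="$KERNCONF"
    $RUN make installkernel KERNCONF="$KERNCONF"
    # optional: reboot to single-user mode here
    $RUN make installworld
    $RUN mergemaster
}

main() {
    write_supfile "$WORKDIR/releng53-supfile"
    $RUN cvsup -g -L 2 "$WORKDIR/releng53-supfile"
    if [ -f "$CONFDIR/GENERIC" ]; then
        write_kernconf "$CONFDIR/GENERIC" "$WORKDIR/$KERNCONF"
        $RUN cp "$WORKDIR/$KERNCONF" "$CONFDIR/$KERNCONF"
    else
        echo "no $CONFDIR/GENERIC here; kernel config step skipped"
    fi
    $RUN cd /usr/src
    build_steps
}
main
```

In the default dry-run mode only files under WORKDIR are written, so the generated supfile and kernel config can be reviewed before anything on the system changes.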

