How does /dev/pf get created?
Gavin Spomer
spomerg at cwu.EDU
Fri Jan 25 08:52:16 PST 2008
Thanks Jeremy. See more below.
>>> Jeremy Chadwick <koitsu at FreeBSD.org> 01/25/08 8:12 AM >>>
On Fri, Jan 25, 2008 at 07:43:54AM -0800, Gavin Spomer wrote:
> I did it via the command line:
> make buildkernel KERNCONF=MACHINEHOSTNAME
> make installkernel KERNCONT=MACHINEHOSTNAME
Your installkernel line is incorrect. KERNCONT != KERNCONF.
That was a typo in my email, not what I actually typed when I built my kernel. Sorry 'bout that. ;)
(more below)
> Shouldn't having "device pf" in MACHINEHOSTNAME file and building provide /dev/pf?
Yes and no. The /dev/pf device is created on-the-fly when the pf module
is loaded by the kernel. It is not a device that's made during build
time or via any other means.
A missing /dev/pf (as claimed by your pfctl) seems to indicate you do
not have the pf module loaded into the kernel (either as a module loaded
via kldload, or built-in to the kernel via 'device pf')
On none of our production machines do we have "device pf" in our kernel
configs. Instead, we rely on the following /etc/rc.conf variable to
kldload the pf kernel module during boot:
pf_enable="yes"
If you want pflog support, you will also need the following line:
pflog_enable="yes"
Drivers being loaded: this can be verified by doing `kldstat' and seeing the
module(s) loaded as so:
# kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 3f5b50   kernel
 2    1 0xc07f6000 64340    acpi.ko
 4    2 0xc81b5000 2e000    pf.ko
 6    1 0xcaf50000 3000     pflog.ko
Okay, well it's obvious that the modules aren't getting loaded, even though (as I said in original email) I have the
correct lines in /etc/rc.conf. I ran kldstat and only got:
Id Refs Address    Size     Name
 1    8 0xc0400000 44c4e0   kernel
 2    1 0xc084d000 2364     accf_http.ko
 3    1 0xc0850000 59f20    acpi.ko
 4    1 0xc881d000 16000    linux.ko
 5    1 0xc8833000 4000     sysvshm.ko
(even more below)
> I have such a vanilla installation of FreeBSD, it's hard for me to see where I went wrong. I seem to have all the
> components of pf except /dev/pf. I have /sbin/pfctl, /etc/pf.conf, /boot/kernel/pf.ko, /boot/kernel/pflog.ko and the
> appropriate stuff I mentioned in /etc/rc.conf and probably others as well. I just don't have /dev/pf. How does this get
> created?
It would help if you could provide:
* Output of uname -a on the machine which doesn't have /dev/pf
* Output of kldstat
* Your /etc/rc.conf
* Your /boot/loader.conf
* Your /etc/make.conf
* Your kernel configuration file
uname -a: FreeBSD machinehostname.cwu.edu 6.2-RELEASE FreeBSD 6.2-RELEASE #2: Wed Dec 12 14:59:04 PST 2007 root at machinehostname.cwu.edu:/usr/obj/usr/src/sys/MACHINEHOSTNAME i386
kldstat: (see above)
/etc/rc.conf: (attached)
/boot/loader.conf:
# Makes Apache Work - 11/30/07 - GS
accf_http_load="YES"
/etc/make.conf:
# added by use.perl 2007-12-11 11:29:06
PERL_VER=5.8.8
PERL_VERSION=5.8.8
kernel config: (attached)
Thanks again, folks. FWIW, I'm a *little* new to FreeBSD. I've been using SuSE Linux for 2 years solid and have had
sporadic experience with FreeBSD and Solaris before that.
- Gavin
-------------- next part --------------
# -- sysinstall generated deltas -- # Thu Nov 29 13:29:41 2007
# Created: Thu Nov 29 13:29:41 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="pc86579.d.cwu.edu"
ifconfig_bce0="DHCP"
linux_enable="YES"
sshd_enable="YES"
#usbd_enable="YES"
ntpd_enable="YES"
mysql_enable="YES"
apache22_enable="YES"
zope210_enable="YES"
zope210_instances="/usr/local/zope"
#Packet Filter (Firewall)
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_logfile="/var/log/pflog"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MACHINEHOSTNAME
Type: application/octet-stream
Size: 10834 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20080125/468fe191/MACHINEHOSTNAME.obj
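Added example, not part of the original message or of FreeBSD itself: a small triage script for the situation in this thread (pf_enable set in /etc/rc.conf, no pf.ko in kldstat, no /dev/pf). The function names, verdict strings and sample inputs are constructed for illustration; the script takes the kldstat and rc.conf text as arguments so the logic can be run offline.

```shell
#!/bin/sh
# Added example: triage for a missing /dev/pf using the checks from this thread.
# Inputs are passed as text so the logic runs offline; all names are hypothetical.

# Constructed samples modelled on the report: no pf.ko loaded, pf enabled in rc.conf.
SAMPLE_KLDSTAT='Id Refs Address    Size     Name
 1    8 0xc0400000 44c4e0   kernel
 3    1 0xc0850000 59f20    acpi.ko
 4    1 0xc881d000 16000    linux.ko'
SAMPLE_RCCONF='sshd_enable="YES"
#pf_enable="NO"
pf_enable="YES"   # Packet Filter
pf_rules="/etc/pf.conf"'

# kld_loaded FILE: succeed if FILE is in the Name column of kldstat output on stdin.
kld_loaded() {
    awk -v want="$1" 'NR > 1 && $NF == want { found = 1 } END { exit !found }'
}

# rc_enabled VAR: succeed if the last uncommented VAR= line in rc.conf text on
# stdin holds a value rc.subr's checkyesno accepts (yes/true/on/1, any case).
rc_enabled() {
    awk -F= -v var="$1" '
        $1 == var { val = $2 }
        END {
            sub(/[ \t]*#.*/, "", val); gsub(/[" \t]/, "", val)
            val = tolower(val)
            exit !(val == "yes" || val == "true" || val == "on" || val == "1")
        }'
}

# diagnose KLDSTAT_TEXT RCCONF_TEXT DEV: print a one-word verdict.
# A kernel built with "device pf" has no pf.ko row, but the device node exists,
# so the node is checked first.
diagnose() {
    if [ -e "$3" ]; then
        echo "device-present"
    elif printf '%s\n' "$1" | kld_loaded pf.ko; then
        echo "module-loaded-no-device"
    elif printf '%s\n' "$2" | rc_enabled pf_enable; then
        echo "enabled-in-rc-but-not-loaded"
    else
        echo "not-enabled-in-rc"
    fi
}

diagnose "$SAMPLE_KLDSTAT" "$SAMPLE_RCCONF" /nonexistent/dev/pf
```

On a FreeBSD host the same check would be run as `diagnose "$(kldstat)" "$(cat /etc/rc.conf)" /dev/pf`.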