[pf4freebsd] Re: Version 0.63 released

Max Laier max at love2party.net
Wed Sep 15 20:38:28 PDT 2004 

> Hi everyone,
>
> i made a port for this today. Since this is a first shot and i've never
> made a port ever before so any suggestions are welcome.
>
> If you build the port with "make install WITH_ALTQ=yes" it should build
> with ALTQ support. I have not been able to test it since i only have a
> -CURRENT system. So if anyone could test and give me some feedback.
>
> The port is available at http://flds.dyndns.org/pf.tar.gz . Just extract
> the file in /usr/ports/security/ goto /usr/ports/security/pf/ and
> install it like any other port.
>
> I haven't included any stop/start scrips nor a pf.conf yet. Should we
> add the default OpenBSD pf.conf ?
>
>
> flo

Great! Thanks for your effort! There are some issues that need to be
addressed though:

1) A port should imho not install everything. authpf and spamd should go
into a seperate port. Authpf because of setuid() which might scare away some
users and spamd because it's not really in realtion with pf and rather
standalone.
2) ftp-proxy, spamd and authpf need special users. These need to be created
by a pkg-install script.
3) boot up script, pf.conf.sample and sample entry to inetd.conf as well as
required entries in etc/services should be inculded.
4) installing the modules to boot/kernel is not what one would really want.
boot/modules or usr/local/somewhere would be the better choice. That can be
achived by setting MAKE_ARGS= KMODDIR="whatsoever"

I have a port that does that, but it is build apon our (yet internal) 1.0-RC
with modified Makefiles which make portbuilding somewhat easier. You can
grap a copy of it (with an allready _outdated_ tarball of version 1.0) from
http://pf4freebsd.love2party.net/sampleport.tar.gz to see what the Makefiles
will be like in the end and what I have in mind. It's my first port as well,
so don't exspect too much.
There are some things that need to be addressed with my port as well. For
example user proxy (for ftp-proxy) is created in group bin while it should
rather create it's own group.

I was exspecting to get that stuff done some days ago, but didn't find the
time :(
If you have much time at hand, check out the port and tell me what you
think. I hope we can release 1.0 soon and build a port of it.

Thanks for your work!
    Max

More information about the freebsd-pf mailing list