Looking for docs on installing pf with FreeBSD 5.2.1

johnc johnc909 at comcast.net
Mon Jan 17 12:37:42 PST 2005

Hmm, yeah, given the state of documentation, etc, on 5.2.1 for pf,  
patching up to 5.3 is probably the way to go.
I do run a low volume web server/NAT gateway at home, and was just 
hoping to get it up with a minimum of perturbing the core of my system.

But if I really want pf, I guess that's inevitable, it seems.   Well, 
time to try my hand at cvsup :)


pf-r at solarflux.org wrote:

>>>I'm running FreeBSD 5.2.1, and can't seem to find any comprehensive docs
>>>on getting pf running on it.  I've followed what's in the handbook, but
>>>the kernel config file doesn't recognize the device statements for pf.
>>>I really would like to avoid upgrading the system to 5.3+, if possible.
>>>Any pointers?
>The best and easiest way to have the most secure system and recent pf code is to
>cvsup your FreeBSD 5.2.1 system to a patched 5.3-RELEASE, IMO.  Not sure if
>-STABLE or -CURRENT would offer newer pf code, but if this is a production box,
>neither -STABLE nor -CURRENT are recommended anyway.
>There are plenty of comprehensive docs on updating (via cvsup) your 5.2.1 system
>to the latest security branch (RELENG_5_3).  Then you'll have pf as a loadable
>kernel module already in the system.  I believe the pf-enabling instructions in
>the handbook are for 5.3.
>Quick and dirty cvsup steps (see Appendix A.5 in the handbook):
>Create a supfile referencing RELENG_5_3
>Make buildworld
>Add appropriate pf* lines in kernel config (copy of GENERIC)
>Make buildkernel
>Make installkernel
>Reboot to single user mode (optional)
>Make installworld
>Exit to multiuser (only if you are in single user mode)
>Play with PF
>I've built PF and ALTQ the manual way (on 5.0/5.1) and longed for the day when I
>could just cvsup my system and be done with it.
>>there is a port: /usr/ports/security/pf.
>>Installing PF from there is pretty straightforward.
>>I use it on several FreeBSD 5.2.1 machines.
>The ports version is based on OpenBSD 3.4 code, so it's fairly dated.  Not
>saying it's bad, but it doesn't have many of the newer features that the
>recent/latest code provides.
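The quoted recipe names two artifacts it never shows: the supfile that pins the source tree to RELENG_5_3, and the pf lines that go into the kernel config. The following shell script is an added example, not code from this thread or from the FreeBSD project; it writes both, and adds two checks a cautious admin would want before rebuilding: that the supfile really tracks a security branch rather than -STABLE or -CURRENT (which the quoted advice warns against for a production box), and that the kernel config copied from GENERIC actually carries the pf devices. The mirror name cvsup.FreeBSD.org, the /usr prefix and the config name PFGATEWAY are assumptions to adjust for your site.

```shell
#!/bin/sh
# Added example (not from the thread): the files the quoted cvsup recipe needs,
# plus two sanity checks. Assumes cvsup.FreeBSD.org as mirror, /usr as the
# source prefix and a kernel config called PFGATEWAY copied from GENERIC.

# 1. supfile pinning the source tree to the RELENG_5_3 security branch.
write_supfile() {
    cat <<'EOF'
*default host=cvsup.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_5_3
*default delete use-rel-suffix
src-all
EOF
}

# 2. Lines to append to the copy of GENERIC so pf, pflog and pfsync are
#    compiled into the new kernel.
pf_kernel_lines() {
    cat <<'EOF'
device          pf
device          pflog
device          pfsync
EOF
}

# 3. Classify the branch a supfile tracks from its "tag=" value:
#    RELENG_x_y is a release/security branch, RELENG_x is -STABLE and
#    "." is -CURRENT. Prints release, stable, current or unknown.
supfile_branch_kind() {
    tag=$(sed -n 's/.*tag=\([^ ]*\).*/\1/p' "$1" | head -n 1)
    case "$tag" in
        RELENG_[0-9]_[0-9]*) echo release ;;
        RELENG_[0-9])        echo stable ;;
        .)                   echo current ;;
        *)                   echo unknown ;;
    esac
}

# 4. Return 0 if the kernel config file contains "device pf", so the
#    rebuilt kernel will actually have the firewall in it.
kernel_has_pf() {
    grep -q '^device[[:space:]]*pf$' "$1"
}

# Stand-alone usage: build the files under a scratch directory and report.
# (Real use: copy the supfile to /etc, append pf_kernel_lines to
#  /usr/src/sys/i386/conf/PFGATEWAY, then follow the quoted build steps.)
demo() {
    work=$(mktemp -d)
    write_supfile > "$work/supfile"
    echo "supfile tracks: $(supfile_branch_kind "$work/supfile")"
    printf 'ident           PFGATEWAY\n' > "$work/PFGATEWAY"
    pf_kernel_lines >> "$work/PFGATEWAY"
    if kernel_has_pf "$work/PFGATEWAY"; then
        echo "PFGATEWAY has device pf"
    else
        echo "PFGATEWAY is missing device pf" >&2
    fi
    rm -rf "$work"
}
```

Run it as `sh pf-prep.sh` after appending a call to `demo`, or source the file and call the functions individually; `supfile_branch_kind /etc/supfile` is the one worth running on an existing box before `make buildworld`, since a supfile left pointing at `RELENG_5` or `.` will pull -STABLE or -CURRENT sources instead of the patched release the thread recommends.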
