How does /dev/pf get created?

Gavin Spomer spomerg at cwu.EDU
Mon Jan 28 15:27:19 PST 2008


Well, after a recommendation from our university network engineer, Chris, who is a FreeBSD expert, I decided to look into the whole devfs thing. Although it was new to me, a couple of quick glances at man pages and experiments produced a /dev/pf for me. Now I have a firewall! :D Seems very strange to me that I had to do this to make it work, however. Can anyone tell me what the permissions/ownerships for thier /dev/pf is? I want to make sure that mine is kosher, even though my pf is already working.

Thanks to all who helped me on this problem, not to mention those who's mailboxes filled up with this thread! ;)

Now I'm having fun dinking around with the pf.conf. One thing I really dig so far about pf versus the firewall I use on my SuSE machines (iptables), is that I don't have to reboot for changes to take effect. Way happy about that! :)

- Gavin

>>> Gavin Spomer <spomerg at cwu.EDU> 01/25/08 3:30 PM >>>
>>> Jeremy Chadwick <koitsu at FreeBSD.org> 01/25/08 2:39 PM >>>
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
> link_elf: symbol altq_remove undefined
And, very likely, here is the cause of your pf problem.  :-)  Please go
back to what I said about your kernel configuration -- you're missing a
lot of "option" arguments for ALTQ support.  Add all of the ones I gave
you, follow the instructions for buildkernel/installkernel, and it
should all begin working.

   The ALTQ options are still in my kernel; I never removed them since you recommended I put them in and I rebuilt my
   kernel. I went ahead and did the buildkernel/installkernel again, checking to see if the ALTQ stuff was in there before. This
   time I tried adding the "device pf" stuff back in. Still the same story. Maybe I'm rebuilding my kernel wrong? Doesn't seem
   likely. How hard is it to screw up the following?

   1. vi /usr/src/sys/i386/conf/MACHINEHOSTNAME (edit accordingly)
   2. cd /usr/src
   3. make buildkernel KERNCONF=MACHINEHOSTNAME
   4. make installkernel KERNCONF=MACHINEHOSTNAME
   5. shutdown -r now

   Well, the weekend is upon us. We can continue this on Monday, if you're still willing. Thanks for the extra effort.

   - Gavin
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"



More information about the freebsd-pf mailing list