Future of pf in FreeBSD ? - does it have one ?
Mark Martinec
Mark.Martinec+freebsd at ijs.si
Thu Jul 10 12:50:11 UTC 2014
me wrote:
> It compiles just fine, but can't be loaded or run.
> If memory serves, pf kernel module loads fine but pfctl fails,
> and the ipfw kernel module can't be loaded at all. Will need
> to re-run this experiment to make sure, and will report back.
Updating my statement after checking with release/10.0
kernel, rebuilt with:

  include GENERIC
  options ALTQ
  options ALTQ_CBQ
  options ALTQ_RED
  options ALTQ_RIO
  options ALTQ_HFSC
  options ALTQ_PRIQ
  options ALTQ_NOPCC
  makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT="
  nooptions INET

So, the pf does indeed load and run, but states that ALTQ
is not available. Tried some simple rules and appears ok,
although some rules are not liked, e.g.:

  set skip on lo0

produces:

  # pfctl -f /etc/pf.conf
  No ALTQ support in kernel
  ALTQ related functions disabled
  pfctl: socket: Address family not supported by protocol family

The ipfw is another story. Seems the module ipfw.ko is not
built at all, although there is an ipfw_nat.ko:

  # ls -c1 /boot/kernel/*ipfw*
  /boot/kernel/ipfw_nat.ko
  /boot/kernel/ipfw_nat.ko.symbols
  /boot/kernel/ng_ipfw.ko
  /boot/kernel/ng_ipfw.ko.symbols

Mark