pf for FreeBSD

Cristi Tauber cristi.tauber at sbhost.ro
Tue Sep 28 03:32:46 PDT 2004 

      Hello,
   i'm using 5.2.1 and i want to recompile pf to take advantage of ALTQ.
This was the reason for reinstalling. What about that prefix in startup
script ... this is were i have no clues ... what's the path ...
    And another thing ... if i want to install pf now it says that is
allready installed ... strange ... because i can't find it now, not
the binaries nor the modules .
       Cristi

> Hi,
>
>>             hello folks,
>>     i want to install the packet filter for FreeBSD so i recompile the
>> kernel with the options :
>>
>> device          bpf
>> options         PFIL_HOOKS
>> options         RANDOM_IP_ID
>>
>>      and installed pf from ports ( i did a cvsup before installing to
>> get the latest ports). Now my dilemma is ... in pf start script ... i
>> have to enter a prefix ... but what prefix, 'cause after
>> installing and
>> rebooting .... the modules that I want to load are still in source
>> directory . I installed pf with
>>
>>    make  WITH_ALTQ=yes
>>    make install
>>
>>           after a deinstall I can't install it anymore, the install
>> crashes with the error that is allready installed !!
>>
>>                What can I do ??/
>
> I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x
> you're using. According to /usr/src/UPDATING Since 08-Mar-2004 pf has been
> part of the base system and doesn't require the pf port to be installed.
> So,
> a way forward could be to ensure you've updated to latest 5.x version (cvs
> tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it also
> contains
> some info on the pf groups & users required.
>
> I have the following devices in my kernel:
> device	PFIL_HOOKS
> device	pf
> device	pflog
>
> I have the following in /etc/rc.conf:
> pf_enable="YES"
> pflog_enable="YES"
> pf_rules="<Path to rules>"
>
> You will also need the authpf group and the  _pflogd user & group. You can
> get the details by downloading the latest source and checking the passwd &
> group files under /usr/src/etc.
>
> in /etc/passwd:
> _pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin
>
> in /etc/group:
> authpf:*:63:
> _pflogd:*:64:
>
> I will leave it to you on how you generate a ruleset. Personally I use
> fwbuilder.org .
>
> Thanks,
> Phil.
>
>
>
>
> ---------------------------------------------------
> This message and its contents have been scanned and certified for
> transmission as being free from malicious code by <<eTrust Antivirus>>.
> This
> message may contain confidential, privileged or other legally protected
> information. It is intended for the addressee(s) only. If you are not the
> addressee, or someone the addressee authorized to receive this message,
> you
> are prohibited from copying, distributing or otherwise using it. Please
> notify the sender and return it.Thank you.
>
>
>
>


---------------------------------------------------
This message and its contents have been scanned and certified for
transmission as being free from malicious code by <<eTrust Antivirus>>. This
message may contain confidential, privileged or other legally protected
information. It is intended for the addressee(s) only. If you are not the
addressee, or someone the addressee authorized to receive this message, you
are prohibited from copying, distributing or otherwise using it. Please
notify the sender and return it.Thank you.

More information about the freebsd-questions mailing list