pf for FreeBSD
philip.payne at uk.mci.com
Tue Sep 28 04:12:43 PDT 2004
I'm not sure of the dates of when 5.2.1 was released to tell you for sure
whether pf is available in the kernel or not. I only started using 5.x when
5.3-Beta was released and pf has always been available in kernel for me.
Never used the port.
To check if pf is installed/available you could try the command line via
which pf is configured i.e. # pfctl -sa (i.e. show all currently configured
options for pf).
To check if it's available in the base system you could try configuring a
kernel with the devices in my previous email and see if they're accepted.
> -----Original Message-----
> From: Cristi Tauber [mailto:cristi.tauber at sbhost.ro]
> Sent: 28 September 2004 11:19
> To: Philip Payne
> Cc: FreeBSD Question
> Subject: RE: pf for FreeBSD
> I'm using 5.2.1 and I want to recompile pf to take
> advantage of ALTQ.
> This was the reason for reinstalling. What about that prefix in the startup
> script ... this is where I have no clues ... what's the path ...
> And another thing ... if I want to install pf now it says that it is
> already installed ... strange ... because I can't find it now, neither
> the binaries nor the modules.
> > Hi,
> >> hello folks,
> >> I want to install the packet filter for FreeBSD so I recompile the
> >> kernel with the options:
> >> device bpf
> >> options PFIL_HOOKS
> >> options RANDOM_IP_ID
> >> and installed pf from ports (I did a cvsup before installing to
> >> get the latest ports). Now my dilemma is ... in the pf start script ... I
> >> have to enter a prefix ... but what prefix, 'cause after installing and
> >> rebooting ... the modules that I want to load are still in the source
> >> directory. I installed pf with
> >> make WITH_ALTQ=yes
> >> make install
> >> After a deinstall I can't install it anymore; the install
> >> crashes with the error that it is already installed!!
> >> What can I do??
> > I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x
> > you're using. According to /usr/src/UPDATING, since 08-Mar-2004 pf has been
> > part of the base system and doesn't require the pf port to be installed.
> > So, a way forward could be to ensure you've updated to the latest 5.x
> > version (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it
> > also contains some info on the pf groups & users required.
> > I have the following devices in my kernel:
> > device PFIL_HOOKS
> > device pf
> > device pflog
> > I have the following in /etc/rc.conf:
> > pf_enable="YES"
> > pflog_enable="YES"
> > pf_rules="<Path to rules>"
> > You will also need the authpf group and the _pflogd user & group. You can
> > get the details by downloading the latest source and checking the passwd &
> > group files under /usr/src/etc.
> > in /etc/passwd:
> > _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
> > in /etc/group:
> > authpf:*:63:
> > _pflogd:*:64:
> > I will leave it to you on how you generate a ruleset. Personally I use
> > fwbuilder.org .
> > Thanks,
> > Phil.
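The prerequisites listed in the quoted message (the _pflogd user, the authpf and _pflogd groups, and the three rc.conf settings) can be verified with a small preflight script before enabling pf. This is an added example, not part of the original thread; the function name check_pf_prereqs and passing the three file paths as arguments (so it can be run against copies) are assumptions of the example.

```shell
#!/bin/sh
# Added example: preflight check for the pf prerequisites named in the email.
# check_pf_prereqs is a hypothetical helper; uid/gid values are from the email.

# Print one line per missing prerequisite; return 0 only if none are missing.
check_pf_prereqs() {
    passwd_file=$1 group_file=$2 rc_conf=$3
    missing=0

    # _pflogd user: uid 64, gid 64, and a non-login shell.
    awk -F: '$1 == "_pflogd" && $3 == 64 && $4 == 64 && $7 ~ /nologin$/ { ok = 1 }
             END { exit !ok }' "$passwd_file" ||
        { echo "missing: _pflogd user (uid 64, gid 64, nologin)"; missing=$((missing + 1)); }

    # Groups: authpf (gid 63) and _pflogd (gid 64).
    for want in authpf:63 _pflogd:64; do
        awk -F: -v n="${want%%:*}" -v g="${want##*:}" \
            '$1 == n && $3 == g { ok = 1 } END { exit !ok }' "$group_file" ||
            { echo "missing: group ${want%%:*} (gid ${want##*:})"; missing=$((missing + 1)); }
    done

    # rc.conf: both knobs must be set to YES; commented-out lines do not count.
    for knob in pf_enable pflog_enable; do
        grep -Eiq "^[[:space:]]*${knob}=\"?YES\"?[[:space:]]*(#.*)?$" "$rc_conf" ||
            { echo "missing: ${knob}=\"YES\" in rc.conf"; missing=$((missing + 1)); }
    done

    # pf_rules must name a readable ruleset file (last assignment wins).
    rules=$(sed -n 's/^[[:space:]]*pf_rules="\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$rc_conf" | tail -n 1)
    [ -n "$rules" ] && [ -r "$rules" ] ||
        { echo "missing: readable pf_rules file"; missing=$((missing + 1)); }

    [ "$missing" -eq 0 ]
}
```

On a live system it would be called as `check_pf_prereqs /etc/passwd /etc/group /etc/rc.conf`.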