OpenBSD PF firewall in FreeBSD

Giorgos Keramidas keramida at ceid.upatras.gr
Tue Jul 25 16:16:10 UTC 2006


On 2006-07-25 18:53, Ivan Levchenko <levchenko.i at gmail.com> wrote:
> Hello all,
> 
> Is PF installed with the base system in FreeBSD 6.1? I see that there
> is IPF, is it the same thing? I didn't find PF in the ports tree, so
> that's why I'm asking.

Yes, PF is part of the base system in recent FreeBSD releases.

To enable PF support, you can either load it as a module (kldload pf),
or compile it into your custom kernel.  The startup scripts of the
system support loading the module, if necessary, so to use PF you can
just enable it in `/etc/rc.conf', i.e. with something like:

    pf_rules="/etc/pf.conf"
    pf_enable="YES"
    pflog_enable="YES"

Then, all you have to do is tune your ruleset in `/etc/pf.conf', and off
you go :)

One tricky point that you should pay attention to is that when PF is
used as a loadable kernel module you cannot use ALTQ for traffic
shaping.  To be able to use the ALTQ features, you have to build a
custom kernel that includes both PF and ALTQ options.

HTH,

-- Giorgos
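
The following check is an added example, not part of the original message. It reads an rc.conf-style file and, optionally, a custom kernel configuration file, and reports whether PF is enabled and whether ALTQ can be used under the rule stated above (both `device pf` and `options ALTQ` built into the kernel). The function names and output strings are hypothetical; the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original message). File paths are arguments so
# the check can be run against copies of rc.conf and a kernel config file.

# Print the last value assigned to variable $2 in rc.conf-style file $1.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed if kernel config $1 has an uncommented "<$2> <$3>" line,
# e.g. "device pf" or "options ALTQ" (ALTQ_CBQ alone does not count as ALTQ).
kernel_has() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+$3([[:space:]]|\$)" "$1"
}

# pf_preflight RCCONF [KERNCONF]
# Prints one of: pf-disabled, pf-enabled-altq-unavailable,
# pf-enabled-altq-available.
pf_preflight() {
    # rc.conf booleans accept YES/TRUE/ON/1 in any letter case.
    case "$(rc_value "$1" pf_enable)" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo "pf-disabled"; return 0 ;;
    esac
    # ALTQ needs PF and ALTQ compiled into the kernel; without a kernel
    # config showing both, assume PF runs as a module and ALTQ is unusable.
    if [ -n "${2:-}" ] && kernel_has "$2" device pf && kernel_has "$2" options ALTQ; then
        echo "pf-enabled-altq-available"
    else
        echo "pf-enabled-altq-unavailable"
    fi
}

# Stand-alone use: sh pf_preflight.sh /etc/rc.conf /path/to/KERNELCONF
if [ "$#" -gt 0 ]; then
    pf_preflight "$@"
fi
```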


