Date:      Mon, 22 Mar 2004 21:14:27 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        Claus Guttesen <cguttesen@yahoo.dk>
Subject:   Re: pf startup script
Message-ID:  <200403222114.36153.max@love2party.net>
In-Reply-To: <047d01c40fb5$bbd67db0$0201a8c0@idlewild.net>
References:  <024201c40eba$22912520$0201a8c0@idlewild.net> <20040321192041.GA43656@router.laiers.local> <047d01c40fb5$bbd67db0$0201a8c0@idlewild.net>


--Boundary-03=_sk0XAtdYyut3j2w
Content-Type: multipart/mixed;
  boundary="Boundary-01=_jk0XAyMmCwVEq95"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_jk0XAyMmCwVEq95
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Okay, two positive replies so far, hence I plan to commit it with a minor tweak
to redirect "pfctl -Fa" output entirely to /dev/null. See attachment. Can
somebody with more rcNG-fu look at this, please?

On Monday 22 March 2004 03:31, Robert Schmaling wrote:
> Seems to work just fine.
>
> Thank you,
> ----- Original Message -----
> From: "Max Laier" <max@love2party.net>
> To: "Claus Guttesen" <cguttesen@yahoo.dk>
> Cc: "Robert Schmaling" <rschmali@comcast.net>; <freebsd-current@freebsd.org>
> Sent: Sunday, March 21, 2004 2:20 PM
> Subject: Re: pf startup script
>
> On Sat, Mar 20, 2004 at 11:25:04PM +0100, Claus Guttesen wrote:
> > > Is there supposed to be a startup script for pf
> > > installed now that it's part
> > > of the base system, or am I missing something?
> >
> > A bsd-fellow suggested I used the startup-script from
> > pf in the ports-col. I placed it in
> > /usr/local/etc/rc.d and changed the script, so it
> > would load the pf-mod. from /boot/kernel.
> >
> > You could copy ipfilter/ipfw and make a pf-script.
>
> I planned to commit something for a while, but real-life (i.e. exams) and
> missing libpcap-support -> missing pflogd stopped me until now. Attached is
> my wip-version of rc.d/pf and required diff to defaults/rc.conf. Comments
> welcome, as I am not very familiar with rcNG (it's more or less a copy of
> the ipfilter script).

-- 
Best regards,				| mlaier@freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet

--Boundary-01=_jk0XAyMmCwVEq95
Content-Type: text/x-diff;
  charset="iso-8859-1";
  name="defaults_rc.conf.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="defaults_rc.conf.diff"

--- rc.conf~	Sat Mar 20 03:22:02 2004
+++ rc.conf	Sun Mar 21 20:07:41 2004
@@ -98,6 +98,10 @@
 				# of state tables at shutdown and boot
 ipfs_program="/sbin/ipfs"	# where the ipfs program lives
 ipfs_flags=""			# additional flags for ipfs
+pf_enable="NO"			# Set to YES to enable packet filter (pf)
+pf_rules="/etc/pf.conf"		# rules definition file for pf
+pf_program="/sbin/pfctl"	# where the pfctl program lives
+pf_flags=""			# additional flags for pfctl
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
 log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
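
Review bot: On the added pf_rules and pf_flags lines, the comments do not say what happens when pf_enable is YES but /etc/pf.conf is missing or fails to parse, nor which pfctl invocations receive pf_flags. For a packet filter the difference between "enabled with no ruleset loaded" and "not enabled at all" matters, so I would state the behaviour in the comment and have the rc.d script check that the rules file is readable before enabling pf. Since the message says the "pfctl -Fa" output will go entirely to /dev/null, a failed flush or load should still be reported some other way. This diff touches only defaults/rc.conf; the four new variables would also need entries in rc.conf(5).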

--Boundary-01=_jk0XAyMmCwVEq95--

--Boundary-03=_sk0XAtdYyut3j2w
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBAX0ksXyyEoT62BG0RAoHVAJ40z/CgJ01jL1WbMaOPbWn2chKDhgCfS2Sc
d0ODT1OC3PmbbUWVPZrGQ7E=
=Pa6+
-----END PGP SIGNATURE-----

--Boundary-03=_sk0XAtdYyut3j2w--


