From owner-freebsd-pf@FreeBSD.ORG Tue Jun 19 11:57:24 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A68CB16A421 for ; Tue, 19 Jun 2007 11:57:24 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.freebsd.org (Postfix) with ESMTP id 3711A13C44B for ; Tue, 19 Jun 2007 11:57:24 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from localhost (marvin-mail [192.168.0.2]) by marvin.harmless.hu (Postfix) with ESMTP id 248BF7C109C; Tue, 19 Jun 2007 13:57:31 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.4.2 (20060627) (Debian) at harmless.hu Received: from marvin.harmless.hu ([192.168.0.2]) by localhost (marvin.harmless.hu [192.168.0.2]) (amavisd-new, port 10024) with ESMTP id ik7jLV9jI4B4; Tue, 19 Jun 2007 13:57:30 +0200 (CEST) Received: from marvin.harmless.hu (localhost [127.0.0.1]) by marvin.harmless.hu (Postfix) with ESMTP id 9DE647C104F; Tue, 19 Jun 2007 13:57:15 +0200 (CEST) Date: Tue, 19 Jun 2007 13:57:15 +0200 From: Gergely CZUCZY To: Rob Shepherd Message-ID: <20070619115715.GA96740@harmless.hu> References: <4677BF4A.8000601@techniumcast.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=x-unknown; protocol="application/pgp-signature"; boundary="J2SCkAp4GZ/dPZZf" Content-Disposition: inline In-Reply-To: <4677BF4A.8000601@techniumcast.com> User-Agent: mutt-ng/devel-r804 (FreeBSD) Cc: freebsd-pf@freebsd.org Subject: Re: firewalling and ALTQ X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jun 2007 11:57:24 -0000 --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 19, 2007 at 12:34:34PM +0100, Rob Shepherd wrote: > Dear freebsd firewallers, >=20 > I've just installed FreeBSD with a view to making a traffic shaping, or e= ssentially transfer capacity limiting device. >=20 > This must sit on bridged interfaces between org and edge outers. >=20 > I'm having some difficulty working out which bits I need, which packet fi= lter to use and how to get started. >=20 > The appears to be 3 packet filters >=20 > pf,ipf,ipfw >=20 > is this right? ALTQ works with each? >=20 > additionaly, I don't seem to have any /dev/ entries >=20 > croesor# pfctl -v > pfctl: /dev/pf: No such file or directory > croesor# ipfstat > open(IPSTATE_NAME): No such file or directory > croesor# ipf -V > ipf: IP Filter: v4.1.13 (528) > open device: No such file or directory >=20 > I'd like some pointers to get me on track please. >=20 > There are many tutorials, but It's impossible to know what is the current= supported filter package, what works best with bridging and ALTQ and how= =20 > to test them when there's bit's missing. >=20 > Cheers >=20 > Rob Please read the handbook's section on all the firewalls. It's explained the= re what do you need to make them work. And the handbook should be your primary source of information along with the manuals, and definitely not some googled tutorials or howtos. http://www.freebsd.org/handbook and look for "firewall" Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --J2SCkAp4GZ/dPZZf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owGNVb9vHEUUNomgGClFSrqnAEoi357vnGAnhy6JnV8ySoJJTkSIAs3uvr0dvDuz zMze5tIhUVC4QFCmiUSNBFL+BCQ6JLoglJ4aiYIG8c3cnWMaFMln2TNv3vve933v 3denTq6dOP3LD88+WT/85slr379xmK7Xrfd6mtTSzpROhoPBMLm8tX1xkGwnW8NL lwdyuLU9yId5OixudT89uW60Z+2TybzhEXl+5DeaSir9HmWltI79uPVFckms4m4o 1xinvDJ6REpXSvPR3cRK7Qq2yU2dmVzp6Yg+b43nPGms0l6mFQvxgaZJyz16v9U0 vNyjzcFgm6Sn4ebowkX87N+l9QFg9+i+SelByU3JNqfOItFIXKEbLC0Vljl1ORXK cieriq3riSvjzQEC9s7OmD5rnQc858NlTrcQv/vgBnXKlyRpprgjb6iWB0CJA29l UaiMXCkbnPTIWOKxcA5tKaSYh4jYG2WykZnyc6pUDRrwPOeZyri/qj8plaM61AdN ZDSlVuVTgAAFbAuZsaOUfcesUQbVdU6MADIt7l3/ZR81lXIWKjhTM+UqQGwrlO6M jcDxgrpSZSWlyjvaI82c95ZHgHnAHhSNRYXEod/WcSxXmtj+FNdgyEKhY+gR0jQg 2YWQlOnCy0whj1tFNkVPLT7d6giN+9C9VdPSX6WdO5MPI1a3IJ5lVl5dxco8jy6S 1bwH5LnRZ4GGuQ5l0XdAOqcNkLtBUMEqPqqcWcPO2LcAIfMVJbOIBn+OFvFNMaJ7 hlwLFgCag5o5nJJ5Y+fH3wM7+vc4Mg3rc3v7DyY7k5uf3tu5e/P8q6eg5KPQe6i6 t0+3Iksjml3sD/vDC3Tu3c1L55cVllb539Qr8XMY7IAX0jcmesetRMMRfAVLZgfU VCzdcfexBXX41IE/3yIrHOx6lMIse/6sI1Vjgp3CNIZ8Bxpm6EpMYFSPKWutBeFj AYhNY4I7ltJHI8gp9xbxC2VThtOjvNHncZ5gsag9rdw2Fgt0qOdDPOrUSAJGfMAL UDAwftcKwPT0qJvrJR9zHBaC2I/tkmWZR7QlKqTGHOCxA4UwVKAGIxtvV/vB9Ret 86O43Di+HQuwFDoRuaG5aeP0LNcCLyGixb4QO/q/xbAnTFvlYTrwDrxYhX07h1it zaBNgVkvjK1lxCMrA1ICRSIkgS5tFCRwk3OhtPKMDaONX6g9NWYaltaRdsEhINEb LAdRet+MNja6rusvt2AfW2RjBU2ErFXACAB0ZkXAGSF259wT4jbbaah2/XGbPZ6L WkJZM4Kr4nE/i8fXsPrrip3rl60QSRLof4h9hRmM+vXpNv7BNgHppsKoNtbATnUw EIwhrQqO/OrqydfXwnfM6gvq9Inb19aeHv768R93novnu3/+9fuPb9/3L+rv/l57 +u2prebhl8mzw/Sfp1+s/fbmi5/foX8B =aRp8 -----END PGP SIGNATURE----- --J2SCkAp4GZ/dPZZf--