From owner-freebsd-doc@FreeBSD.ORG Sat Jan 21 21:50:06 2006
Message-Id: <20060121213453.8875F1CD7C@mail.rulez.sk>
Date: Sat, 21 Jan 2006 22:34:53 +0100 (CET)
From: Daniel Gerzo
To: FreeBSD-gnats-submit@FreeBSD.org
Cc:
Subject: docs/92113: [PATCH] a little addition to the firewalls-pf section of the handbook
Reply-To: Daniel Gerzo

>Number: 92113
>Category: docs
>Synopsis: [PATCH] a little addition to the firewalls-pf section of the handbook
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 21 21:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Daniel Gerzo
>Release: FreeBSD 6 i386
>Organization: rulez.sk
>Environment:
System: FreeBSD daemon.rulez.sk 6 #0: Sat Jan 21 10:38:47 CET 2006 danger@daemon.rulez.sk:/usr/obj/usr/src/sys/daemon i386
>Description:
I've written a little addition for the handbook - the section about firewalls, namely the pf section. This diff has already been a bit reviewed by brd@ (thanks for help :)) and the built version is available at http://www.sk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf-new.html
>How-To-Repeat:
check the handbook
>Fix:
--- pf.diff begins here --- --- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig Thu Jan 5 20:03:37 2006 +++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Jan 21 21:14:58 2006 @@ -1,7 +1,7 @@ 
@@ -256,16 +256,6 @@ More info can be found at the PF for &os; web site: . - The OpenBSD PF user's guide is here: . - - - PF in &os; 5.X is at the level of OpenBSD version 3.5. The - port from the &os; Ports Collection is at the level of OpenBSD - version 3.4. Keep that in mind when browsing the user's - guide. - - Enabling PF @@ -283,6 +273,21 @@ was defined during the build, it also requires options INET6. + + Once the kernel module is loaded or the kernel is statically + built with PF support, it is possible to enable or disable + pf with pfctl + command. + + This example demonstrates how to enable the + pf: + + &prompt.root; pfctl -e + + The pfctl command provides a way to work + with the pf firewall. It is a good + idea to check the &man.pfctl.8; manual page to find out more + information about using it. @@ -413,6 +418,37 @@ SMP support for ALTQ. This option is required on SMP systems. + + + + Creating Filtering Rules + + The Packet Filter reads it's configuration rules from the + &man.pf.conf.5; file and it modifies, drops or passes packets + according to the rules or definitions specified there. The &os; + installation comes with a default + /etc/pf.conf which contains useful examples + and explanations. + + Although &os; has it's own /etc/pf.conf + the syntax is the same as one used in OpenBSD. A great + resource for configuring the pf + firewall has been written by OpenBSD team and is available at + . + + + The pf firewall in &os; 5.X is + at the level of OpenBSD version 3.5 and in &os; 6.X is at the + level of OpenBSD version 3.7. The port from the &os; Ports + Collection is at the level of OpenBSD version 3.4. Please, + keep that in mind when browsing the + pf user's guide. + + + The &a.pf; is a good place to ask questions about + configuring and running the pf + firewall. Do not forget to check the mailing list archives + before asking questions. --- pf.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
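
Review bot: In the hunk at @@ -283,6 +273,21 @@ the added paragraph says pf can be enabled "or disable[d]" with pfctl, but the only example given is "pfctl -e"; either add the matching "pfctl -d" example or drop "or disable". Two wording fixes in the same hunk: "with pfctl command" needs an article ("with the pfctl command"), and "how to enable the pf:" reads better as "how to enable pf:". Because "pfctl -e" only switches the packet filter on and does not load a ruleset, it would also help to say here that rules are loaded separately (for example with "pfctl -f /etc/pf.conf"), or to point forward to the new "Creating Filtering Rules" section, so a reader does not take an enabled pf for a configured one.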
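
Review bot: In the hunk at @@ -413,6 +418,37 @@ (the new "Creating Filtering Rules" section), "reads it's configuration rules" and "&os; has it's own /etc/pf.conf" use the contraction where the possessive "its" is needed. Further wording points in the same hunk: "the same as one used in OpenBSD" should be "the same as the one used in OpenBSD", "written by OpenBSD team" should be "written by the OpenBSD team", "The &a.pf; is a good place" should drop the leading article if the entity already expands to a full name, and the comma in "Please, keep that in mind" should go. The version note now lists three hard-coded pairings (5.X/3.5, 6.X/3.7, port/3.4); since readers rely on it to decide which user's guide syntax applies to their ruleset, consider wording it so it is clear which &os; releases it was last checked against.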