Date: Sat, 21 Jan 2006 22:34:53 +0100 (CET)
From: Daniel Gerzo <danger@rulez.sk>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/92113: [PATCH] a little addition to the firewalls-pf section of the handbook
Message-ID: <20060121213453.8875F1CD7C@mail.rulez.sk>
Resent-Message-ID: <200601212150.k0LLo5WY044543@freefall.freebsd.org>
>Number: 92113 >Category: docs >Synopsis: [PATCH] a little addition to the firewalls-pf section of the handbook >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Jan 21 21:50:02 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Daniel Gerzo >Release: FreeBSD 6 i386 >Organization: rulez.sk >Environment: System: FreeBSD daemon.rulez.sk 6 #0: Sat Jan 21 10:38:47 CET 2006 danger@daemon.rulez.sk:/usr/obj/usr/src/sys/daemon i386 >Description: I've written a little addition for the handbook - the section about firewalls, namely pf section. this diff has already been a bit reviewed by brd@ (thanks for help :)) and the built version is available at http://www.sk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf-new.html >How-To-Repeat: check the handbook >Fix: --- pf.diff begins here --- --- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig Thu Jan 5 20:03:37 2006 +++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Jan 21 21:14:58 2006 @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: /repoman/r/dcvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $ --> <chapter id="firewalls"> 
@@ -256,16 +256,6 @@ <para>More info can be found at the PF for &os; web site: <ulink url="http://pf4freebsd.love2party.net/"></ulink>.</para> - <para>The OpenBSD PF user's guide is here: <ulink - url="http://www.openbsd.org/faq/pf/"></ulink>.</para> - - <warning> - <para>PF in &os; 5.X is at the level of OpenBSD version 3.5. The - port from the &os; Ports Collection is at the level of OpenBSD - version 3.4. Keep that in mind when browsing the user's - guide.</para> - </warning> - <sect2> <title>Enabling PF</title> @@ -283,6 +273,21 @@ was defined during the build, it also requires <literal>options INET6</literal>.</para> </note> + + <para>Once the kernel module is loaded or the kernel is statically + built with PF support, it is possible to enable or disable + <application>pf</application> with <command>pfctl</command> + command.</para> + + <para>This example demonstrates how to enable the + <application>pf</application>:</para> + + <screen>&prompt.root; <userinput>pfctl -e</userinput></screen> + + <para>The <command>pfctl</command> command provides a way to work + with the <application>pf</application> firewall. It is a good + idea to check the &man.pfctl.8; manual page to find out more + information about using it.</para> </sect2> <sect2> 
@@ -413,6 +418,37 @@ <acronym>SMP</acronym> support for <acronym>ALTQ</acronym>. This option is required on <acronym>SMP</acronym> systems.</para> + </sect2> + + <sect2> + <title>Creating Filtering Rules</title> + + <para>The Packet Filter reads it's configuration rules from the + &man.pf.conf.5; file and it modifies, drops or passes packets + according to the rules or definitions specified there. The &os; + installation comes with a default + <filename>/etc/pf.conf</filename> which contains useful examples + and explanations.</para> + + <para>Although &os; has it's own <filename>/etc/pf.conf</filename> + the syntax is the same as one used in OpenBSD. A great + resource for configuring the <application>pf</application> + firewall has been written by OpenBSD team and is available at + <ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para> + + <warning> + <para>The <application>pf</application> firewall in &os; 5.X is + at the level of OpenBSD version 3.5 and in &os; 6.X is at the + level of OpenBSD version 3.7. The port from the &os; Ports + Collection is at the level of OpenBSD version 3.4. Please, + keep that in mind when browsing the + <application>pf</application> user's guide.</para> + </warning> + + <para>The &a.pf; is a good place to ask questions about + configuring and running the <application>pf</application> + firewall. Do not forget to check the mailing list archives + before asking questions.</para> </sect2> </sect1> --- pf.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
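Review bot: In the first hunk (@@ -1,7 +1,7 @@) the only change is the expanded $FreeBSD$ keyword line, where the path goes from /repoman/r/dcvs/doc/... to doc/... with the same revision 1.63 and the same date. That is keyword expansion from the local checkout rather than a content change, so this hunk should be dropped from the patch; the repository rewrites that line on commit.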
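Review bot: In the hunk at @@ -283,6 +273,21 @@ the new paragraph says pfctl can "enable or disable" pf, but the only <screen> shown is pfctl -e, so the disable half is left undocumented. Add a second <screen> with pfctl -d next to it. Wording in the same hunk: "with <command>pfctl</command> command" needs "the" before the command name, and "how to enable the <application>pf</application>" should drop the article.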
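Review bot: In the last hunk (@@ -413,6 +418,37 @@) the new section is titled "Creating Filtering Rules" but contains no rule and no command for loading a ruleset; it only points at /etc/pf.conf and the OpenBSD guide. Since the warning in the same hunk tells readers that the guide may describe a different pf level than the one installed (3.4, 3.5 or 3.7), consider adding a <screen> that loads the file (pfctl -f /etc/pf.conf) and one that only parses it without loading (pfctl -nf /etc/pf.conf), so a reader can see whether syntax copied from the guide is accepted. Wording: "it's" should be "its" in "reads it's configuration rules" and in "has it's own", "by OpenBSD team" needs "the", and the comma after "Please" should go.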