Date: Mon, 17 Jan 2005 12:37:41 -0800
From: johnc <johnc909@comcast.net>
To: freebsd-pf@freebsd.org
Subject: Re: Looking for docs on installing pf with FreeBSD 5.2.1
Message-ID: <41EC2215.7080303@comcast.net>
In-Reply-To: <1105986198.41ec0296e22ae@mail.fluidhosting.com>
References: <41EB7268.7090802@comcast.net> <c2d45d6e0501170021582f126e@mail.gmail.com> <1105986198.41ec0296e22ae@mail.fluidhosting.com>

Hmm, yeah, given the state of documentation, etc, on 5.2.1 for pf, patching up to 5.3 is probably the way to go. I do run a low volume web server/NAT gateway at home, and was just hoping to get it up with a minimum of perturbing the core of my system. But if I really want pf, I guess that's inevitable, it seems. Well, time to try my hand at cvsup :)

Thanks,
-John

pf-r@solarflux.org wrote:

>>>I'm running FreeBSD 5.2.1, and can't seem to find any comprehensive docs
>>>on getting pf running on it. I've followed what's in the handbook, but
>>>the kernel config file doesn't recognize the device statements for pf.
>>>I really would like to avoid upgrading the system to 5.3+, if possible.
>>>
>>>Any pointers?
>>>
>>>
>
>The best and easiest way to have the most secure system and recent pf code is to
>cvsup your FreeBSD 5.2.1 system to a patched 5.3-RELEASE, IMO. Not sure if
>-STABLE or -CURRENT would offer newer pf code, but if this is a production box,
>neither -STABLE nor -CURRENT are recommended anyway.
>
>There are plenty of comprehensive docs on updating (via cvsup) your 5.2.1 system
>to the latest security branch (RELENG_5_3). Then you'll have pf as a loadable
>kernel module already in the system. I believe the pf-enabling instructions in
>the handbook are for 5.3.
>
>Quick and dirty cvsup steps (see Appendix A.5 in the handbook):
>
>Create a supfile referencing RELENG_5_3
>Cvsup
>Make buildworld
>Add appropriate pf* lines in kernel config (copy of GENERIC)
>Make buildkernel
>Make installkernel
>Reboot to single user mode (optional)
>Make installworld
>Mergemaster
>Exit to multiuser (only if you are in single user mode)
>Play with PF
>
>I've built PF and ALTQ the manual way (on 5.0/5.1) and longed for the day when I
>could just cvsup my system and be done with it.
>
>
>
>>there is a port: /usr/ports/security/pf.
>>Installing PF from there is pretty straightforward.
>>I use it on several FreeBSD 5.2.1 machines.
>>
>>
>
>The ports version is based on OpenBSD 3.4 code, so it's fairly dated. Not
>saying it's bad, but it doesn't have many of the newer features that the
>recent/latest code provides.
>
>HTH
>_______________________________________________
>freebsd-pf@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>