From owner-freebsd-net@FreeBSD.ORG Mon Mar 8 17:12:31 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91A1716A4CF for ; Mon, 8 Mar 2004 17:12:31 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BED043D2F for ; Mon, 8 Mar 2004 17:12:31 -0800 (PST) (envelope-from mlaier@vampire.homelinux.org) Received: from [212.227.126.208] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1B0VnK-000615-00 for net@freebsd.org; Tue, 09 Mar 2004 02:12:30 +0100 Received: from [217.227.158.24] (helo=vampire.homelinux.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 1B0VnK-0003hz-00 for net@freebsd.org; Tue, 09 Mar 2004 02:12:30 +0100 Received: (qmail 87435 invoked by uid 1001); 9 Mar 2004 01:19:08 -0000 Date: Tue, 9 Mar 2004 02:19:08 +0100 From: Max Laier To: current@freebsd.org Message-ID: <20040309011908.GA87400@router.laiers.local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Dxnq1zWXvFF0Q93v" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: net@freebsd.org Subject: HEADS UP: pf linked to the build/install now X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Mar 2004 01:12:31 -0000 --Dxnq1zWXvFF0Q93v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, as you may have seen pf is now linked to the build and can be installed from the base system. Make sure to run `mergemaster -p' before the installworld as it requires two additional user accounts/groups. If you do not want to build/install pf you can use the NO_PF knob in /etc/make.conf For the moment you will have troubles with pflog and tcpdump as we are waiting for a vendor branch update of tcpdump/libpcap. To build a kernel that supports pf you have to add at least: options PFIL_HOOKS device pf to the GENERIC kernel configuration. Optional you can use: device pflog device pfsync to build-in logging and syncing. Note that it is currently not possible to pull in these in as a module right now. However it is possible to use pf as a module. To do this you must add the following to GENERIC: options PFIL_HOOKS options RANDOM_IP_ID already existing in GENERIC, but also required by pf as a module: options INET options INET6 device bpf These requirements can be tweaked by editing the modules/pf* Makefiles. I hope you have fun with pf and can make good use of it. Report problems, errors and questions to me or the pf-mailing-list pf4freebsd@freelists.org (see http://pf4freebsd.love2party.net/ for details) I'd try to avoid flooding -net or -current with pf related questions. There might be a freebsd-pf mailing-list some time soon. --=20 Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --Dxnq1zWXvFF0Q93v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATRuLXyyEoT62BG0RAmuwAJ9/KmCiBkcafER3+KN6PJUK0pv6tACbB2Z8 anvNWTormH9yP0rpDICP6L8= =8QGq -----END PGP SIGNATURE----- --Dxnq1zWXvFF0Q93v--