Date: Fri, 5 May 2006 08:53:24 -0700
From: "Atom Powers" <atom.powers@gmail.com>
To: "Bryan Curl" <bc3910@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: ipfirewall tricks
Message-ID: <df9ac37c0605050853u1d3d5bc8o71ae775079d4de54@mail.gmail.com>
In-Reply-To: <51257d370605050646p16e413e9je128abd16ff87e32@mail.gmail.com>
References: <51257d370605021635x126d6560ueffdba9285d763da@mail.gmail.com> <df9ac37c0605022041u2fa68b83t4ad6e4291f65a3cf@mail.gmail.com> <51257d370605050646p16e413e9je128abd16ff87e32@mail.gmail.com>

Unlike pf, pflog does not have a loadable module. You have to build it
into the kernel.

On 5/5/06, Bryan Curl <bc3910@gmail.com> wrote:
> On second look PF has some definite improvements over IPFilter.
> My rule set file is half as long for one thing. I like the macros and
> tables.
>
> I'm still reading through the documentation, but I have not figured out why
> the log doesn't seem to be working yet. I have all the required entries in
> rc.conf.
> pf_enable="YES"                  # Enable PF (load module if required)
> pf_rules="/etc/pf.conf"          # rules definition file for pf
> pf_flags=""                      # additional flags for pfctl startup
>
> pflog_enable="YES"               # start pflogd(8)
> pflog_logfile="/var/log/pflog"   # where pflogd should store the logfile
> pflog_flags=""                   # additional flags for pflogd startup
>
> Handbook at http://www.openbsd.org/faq/pf/. seems to indicate I need a
> device named pflog0 which I do not have. Also pflogd does not start on boot
> even though it is listed in rc.conf. Perhaps the start up script did not get
> installed into the correct location. My installation was from the 6.0 release
> ISO, so I would naturally assume it is correct.
>
> Thanks for the reminder of this program. I think I will like it better than
> the others for my purposes and administrative skill level.
>
>
> On 5/2/06, Atom Powers <atom.powers@gmail.com> wrote:
> > On 5/2/06, Bryan Curl <bc3910@gmail.com> wrote:
> > > I want to limit time my kids spend on the internet.
> > > The way I am doing it is to make varying, separate ipf.rules files and
> > > install them from cron at the appropriate time.
> > > Problem is, if I make a change to one file, I generally have to update all
> > > the others accordingly.
> > >
> > > Is there a better way? I have read man ipf but didn't come out with any
> > > ideas.
> > >
> >
> > I would use pf and have something like this:
> >
> > pf.conf
> > ----
> > block out all from <kids> to any
> > ----
> >
> > crontab
> > ----
> > pfctl -t kids -T add kids.ip.to.block
> > pfctl -t kids -T del kids.ip.to.allow
> > ----
> >
> > You can also keep the IPs in a flat file and just tell pf to re-read
> > the file (or read a different file) to update the table.
> >
> > I love pf.
> >
> > --
> > --
> > Perfection is just a word I use occasionally with mustard.
> > --Atom Powers--
> >
> >
>
> --
>
> --
> Bryan
> bc3910 'at' gmail 'dot' com

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
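
The table-plus-flat-file approach from the quoted 5/2 message, written as one script that cron can call (an added example, not part of the original e-mails). It assumes pf.conf declares "table <kids> persist", a hypothetical address file /etc/pf.kids, and a constructed 16:00-20:00 allowed window; the function names are made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: pf.conf declares
# "table <kids> persist" and blocks traffic from <kids>; the kids' addresses
# are listed one per line in KIDS_FILE (hypothetical path).
TABLE=kids
KIDS_FILE=/etc/pf.kids
ALLOW_START=16   # first hour (0-23) with access (constructed value)
ALLOW_END=20     # first hour without access again (constructed value)

# Print "allow" or "block" for an hour as given by date +%H.
# Handles windows that wrap past midnight and an empty window.
kids_action() {
    hour=${1#0}; hour=${hour:-0}      # "08" -> 8, "00" -> 0 (avoid octal)
    if [ "$ALLOW_START" -lt "$ALLOW_END" ]; then
        if [ "$hour" -ge "$ALLOW_START" ] && [ "$hour" -lt "$ALLOW_END" ]
        then echo allow; else echo block; fi
    elif [ "$ALLOW_START" -gt "$ALLOW_END" ]; then
        if [ "$hour" -ge "$ALLOW_START" ] || [ "$hour" -lt "$ALLOW_END" ]
        then echo allow; else echo block; fi
    else
        echo block                    # start == end: no access at all
    fi
}

# Print the pfctl command that puts the table into the wanted state.
# block: table holds exactly the addresses in the file; allow: table empty.
pfctl_cmd() {
    case "$1" in
        block) echo "pfctl -t $TABLE -T replace -f $KIDS_FILE" ;;
        allow) echo "pfctl -t $TABLE -T flush" ;;
        *) echo "unknown action: $1" >&2; return 1 ;;
    esac
}

# Dry run by default: print the command. Set APPLY=1 (as root) to run it.
apply_schedule() {
    cmd=$(pfctl_cmd "$(kids_action "$1")") || return 1
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
}

apply_schedule "$(date +%H)"
```

Because the script is idempotent it can run from cron every few minutes, and changing the schedule or the address list touches one file instead of several rule sets. Connections that already have a state entry keep working after the table is filled; pfctl -k <address> removes the states for a host.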