Date: Sun, 22 Jan 2006 19:43:42 +0100
From: Daniel Gerzo
To: Brad Davis
Cc: freebsd-doc@FreeBSD.org
Subject: Re: docs/92113: [PATCH] a little addition to the firewalls-pf section of the handbook
Message-ID: <20060122184342.GA4483@daemon.rulez.sk>
In-Reply-To: <200601221700.k0MH05Vi015157@freefall.freebsd.org>

On Sun, Jan 22, 2006 at 05:00:05PM +0000, Brad Davis wrote:
> Synopsis: [PATCH] a little addition to the firewalls-pf section of the handbook
>
> Responsible-Changed-From-To: freebsd-doc->brd
> Responsible-Changed-By: brd
> Responsible-Changed-When: Sun Jan 22 16:59:24 UTC 2006
> Responsible-Changed-Why:
> grab..
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=92113

please use attached diff, there was a typo in "it's" -> should be just "its"
and as I was told, the pf port is long time gone, so remove it from the
warning message. These things were found by simon, thanks :)

--
Sincerely,
Daniel Gerzo

Content-Disposition: attachment; filename="pf.diff"

--- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig Thu Jan 5 20:03:37 2006 +++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sun Jan 22 18:42:55 2006 @@ -1,7 +1,7 @@ 
@@ -256,16 +256,6 @@ More info can be found at the PF for &os; web site: . - The OpenBSD PF user's guide is here: . - - - PF in &os; 5.X is at the level of OpenBSD version 3.5. The - port from the &os; Ports Collection is at the level of OpenBSD - version 3.4. Keep that in mind when browsing the user's - guide. - - Enabling PF @@ -283,6 +273,21 @@ was defined during the build, it also requires options INET6. + + Once the kernel module is loaded or the kernel is statically + built with PF support, it is possible to enable or disable + pf with pfctl + command. + + This example demonstrates how to enable the + pf: + + &prompt.root; pfctl -e + + The pfctl command provides a way to work + with the pf firewall. It is a good + idea to check the &man.pfctl.8; manual page to find out more + information about using it. @@ -413,6 +418,35 @@ SMP support for ALTQ. This option is required on SMP systems. + + + + Creating Filtering Rules + + The Packet Filter reads its configuration rules from the + &man.pf.conf.5; file and it modifies, drops or passes packets + according to the rules or definitions specified there. The &os; + installation comes with a default + /etc/pf.conf which contains useful examples + and explanations. + + Although &os; has its own /etc/pf.conf + the syntax is the same as one used in OpenBSD. A great + resource for configuring the pf + firewall has been written by OpenBSD team and is available at + . + + + The pf firewall in &os; 5.X is + at the level of OpenBSD version 3.5 and in &os; 6.X is at the + level of OpenBSD version 3.7. Please, keep that in mind when + browsing the pf user's guide. + + + The &a.pf; is a good place to ask questions about + configuring and running the pf + firewall. Do not forget to check the mailing list archives + before asking questions. --Kj7319i9nmIyA2yE--
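Review bot: In the hunk at @@ -283,6 +273,21 @@, the new paragraph says pf can be enabled "or disabled" with pfctl, but the only command shown is "pfctl -e". Either drop "or disable" or add the matching "pfctl -d" line beside it so the text and the example agree. Wording in the same hunk: "with pfctl command" needs an article ("with the pfctl command"), and "how to enable the pf:" reads better as "how to enable pf:".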
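Review bot: In the hunk at @@ -413,6 +418,35 @@, the sentence "the syntax is the same as one used in OpenBSD" sits uneasily with the note added right after it, which says &os; 5.X is at the level of OpenBSD 3.5 and 6.X at the level of OpenBSD 3.7. For a firewall ruleset that difference matters, so I would qualify the sentence, for example "the syntax is the same as the one used in the corresponding OpenBSD release", and let the note carry the version mapping. Smaller points in the same hunk: add a comma after "/etc/pf.conf" in "Although &os; has its own /etc/pf.conf the syntax", write "by the OpenBSD team", and drop the comma in "Please, keep that in mind".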