From: Art Mason
To: "Freebsd-Net@Freebsd. Org"
Date: Wed, 21 Jan 2004 09:58:23 -0600
Subject: RE: [Freebsd-net] PF installation on 5.2-RELEASE
Organization: Rackspace Managed Hosting
Message-Id: <1074700702.32768.14.camel@mizar.rackspace.com>
In-Reply-To: <20040121152028.275D52B4D82@redqueen.elvandar.org>

Yes, indeed, many thanks for the quick response. I had read through the
makefile, but wasn't sure if there were any additional settings that I
should take into consideration. On that note, does anyone have any
experience running PF under 5.2-RELEASE in a production environment,
especially in conjunction w/ ALTQ?
I'm just curious, because I've really taken a liking to PF under OpenBSD
and really like the ALTQ integration, especially in regards to upstream
traffic shaping. Does anyone have any experience with such
implementations under 5.2-RELEASE?

Thanks again in advance,

On Wed, 2004-01-21 at 09:20, Remko Lodder wrote:
> from pkg-message which lives in /usr/ports/security/pf/
>
> To use pf, please follow these steps:
>
> 1. Add kernel options into your kernel config file and recompile kernel:
>
> device bpf
> options PFIL_HOOKS
> options RANDOM_IP_ID
>
> 2. Please set the following variables in /etc/rc.conf according to your
> needs:
>
> pf_enable="Yes"
> pf_logd="Yes"
> pf_conf="%%PREFIX%%/etc/pf.conf"
>
> 3. Check %%PREFIX%%/etc/rc.d/pf.sh, it is the startup script for pf!
>
> --> Makefile snippet
>
> .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
> pre-fetch:
> @${ECHO_MSG} "======================================================="
> @${ECHO_MSG} "* If you have ALTQ support from: *"
> @${ECHO_MSG} "* http://www.nipsi.de/altq/index.html or *"
> @${ECHO_MSG} "* http://www.rofug.ro/projects/freebsd-altq/ *"
> @${ECHO_MSG} "* You can define WITH_ALTQ=yes to make use of it *"
> @${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src *"
> @${ECHO_MSG} "* *"
> @${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
> @${ECHO_MSG} "* *"
> @${ECHO_MSG} "======================================================="
> @sleep 2
> .endif
>
> /snip
>
> Does that fill in the blanks?
> Cheers
>
> --
>
> Kind regards,
>
> Remko Lodder
> Elvandar.org/DSINet.org
> www.mostly-harmless.nl Dutch community for helping newcomers on the
> hackerscene
>
> -----Original message-----
> From: freebsd-net-bounces@lists.elvandar.org
> [mailto:freebsd-net-bounces@lists.elvandar.org] On behalf of Art Mason
> Sent: Wednesday 21 January 2004 16:13
> To: freebsd-net@freebsd.org
> Subject: [Freebsd-net] PF installation on 5.2-RELEASE
>
>
> Hello,
>
> My sincerest apologies if this isn't the correct list to post this
> question to, but I was wondering if anyone has any guidelines/procedures
> to follow regarding the correct installation method for PF on FreeBSD
> 5.2-RELEASE. I know of its existence in ports/security, but was
> wondering if there are any additional kernel compilation options or
> sysctl variables required to get it, along w/ ALTQ, up and running
> properly on a fresh install.
>
> Many thanks in advance,
>
> --
> Art Mason
> Rackspace Managed Hosting
> amason@rackspace.com
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> _______________________________________________
> Freebsd-net mailing list
> Freebsd-net@lists.elvandar.org
> http://lists.elvandar.org/mailman/listinfo/freebsd-net

--
Art Mason
Technical Support - Team F
Rackspace Managed Hosting
(800) 961-4454 ext. 1223
amason@rackspace.com
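
Added example, not part of either message and not code from the port: a shell pre-flight check for the pkg-message steps quoted in the thread. It confirms the three kernel config lines and the three rc.conf variables, and flags a pf_conf value that still contains the literal %%PREFIX%% placeholder. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the three pkg-message steps.
# Each check prints what is missing and returns the number of problems.

check_kernel_config() {   # $1 = kernel config file
    missing=0
    for entry in "device bpf" "options PFIL_HOOKS" "options RANDOM_IP_ID"; do
        kw=${entry%% *}; name=${entry#* }
        # Only uncommented lines count; whitespace between tokens is free-form.
        if ! grep -Eq "^[[:space:]]*${kw}[[:space:]]+${name}([[:space:]]|#|\$)" "$1"; then
            echo "kernel config: missing '$entry'"; missing=$((missing + 1))
        fi
    done
    return "$missing"
}

rc_value() {              # $1 = rc.conf, $2 = variable; last assignment wins
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

check_rc_conf() {         # $1 = rc.conf file
    missing=0
    for var in pf_enable pf_logd; do
        val=$(rc_value "$1" "$var" | tr '[:upper:]' '[:lower:]')
        if [ "$val" != "yes" ]; then
            echo "rc.conf: $var is '${val:-unset}', expected Yes"; missing=$((missing + 1))
        fi
    done
    case $(rc_value "$1" pf_conf) in
        "")   echo "rc.conf: pf_conf is unset"; missing=$((missing + 1)) ;;
        *%%*) echo "rc.conf: pf_conf has a literal %%...%% placeholder"; missing=$((missing + 1)) ;;
    esac
    return "$missing"
}

write_samples() {         # $1 = directory; constructed sample inputs
    printf '%s\n' 'device    bpf' '#options  PFIL_HOOKS' 'options  RANDOM_IP_ID' > "$1/KERNEL"
    printf '%s\n' 'pf_enable="Yes"' 'pf_logd="NO"' 'pf_conf="%%PREFIX%%/etc/pf.conf"' > "$1/rc.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_kernel_config "$tmp/KERNEL" || echo "kernel problems: $?"
check_rc_conf "$tmp/rc.conf"      || echo "rc.conf problems: $?"
rm -rf "$tmp"
```

On a real system the arguments would be the kernel config file in use and /etc/rc.conf.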