Date: Wed, 21 Jan 2004 09:58:23 -0600 From: Art Mason <amason@rackspace.com> To: "Freebsd-Net@Freebsd. Org" <freebsd-net@freebsd.org> Subject: RE: [Freebsd-net] PF installation on 5.2-RELEASE Message-ID: <1074700702.32768.14.camel@mizar.rackspace.com> In-Reply-To: <20040121152028.275D52B4D82@redqueen.elvandar.org> References: <20040121152028.275D52B4D82@redqueen.elvandar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes, indeed, many thanks for the quick response. I had read through the makefile, but wasn't sure if there were any additional settings that I should take into consideration. On that note, does anyone have any experience running PF under 5.2-RELEASE in a production environment, especially in conjunction w/ ALTQ? I'm just curious, because I've really taken a liking to PF under OpenBSD and really like the ALTQ integration, especially in regards to upstream traffic shaping. Does anyone have any experience with such implementations under 5.2-RELEASE. Thanks again in advance, On Wed, 2004-01-21 at 09:20, Remko Lodder wrote: > from pkg-message which lives in /usr/ports/security/pf/ > > To use pf, please follow these steps: > > 1. Add kernel options into your kernel config file and recompile kernel: > > device bpf > options PFIL_HOOKS > options RANDOM_IP_ID > > 2. Please set the following variables in /etc/rc.conf according to your > needs: > > pf_enable="Yes" > pf_logd="Yes" > pf_conf="%%PREFIX%%/etc/pf.conf" > > 3. Check %%PREFIX%%/etc/rc.d/pf.sh, it is the startup script for pf! > > --> Makefile snippet > > .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes") > pre-fetch: > @${ECHO_MSG} "=======================================================" > @${ECHO_MSG} "* If you have ALTQ support from: *" > @${ECHO_MSG} "* http://www.nipsi.de/altq/index.html or *" > @${ECHO_MSG} "* http://www.rofug.ro/projects/freebsd-altq/ *" > @${ECHO_MSG} "* You can define WITH_ALTQ=yes to make use of it *" > @${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src *" > @${ECHO_MSG} "* *" > @${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *" > @${ECHO_MSG} "* *" > @${ECHO_MSG} "=======================================================" > @sleep 2 > .endif > > /snip > > Does that fill in the blanks? Cheers > > > > -- > > Kind regards, > > Remko Lodder > Elvandar.org/DSINet.org > www.mostly-harmless.nl Dutch community for helping newcomers on the > hackerscene > > -----Oorspronkelijk bericht----- > Van: freebsd-net-bounces@lists.elvandar.org > [mailto:freebsd-net-bounces@lists.elvandar.org]Namens Art Mason > Verzonden: woensdag 21 januari 2004 16:13 > Aan: freebsd-net@freebsd.org > Onderwerp: [Freebsd-net] PF installation on 5.2-RELEASE > > > Hello, > > My sincerest apologies if this isn't the correct list to post this > question to, but I was wondering if anyone has any guidelines/procedures > to follow regarding the correct installation method for PF on FreeBSD > 5.2-RELEASE. I know of its existence in ports/security, but was > wondering if there are any additional kernel compilation options or > sysctl variables required to get it, along w/ ALTQ, up and running > properly on a fresh install. > > Many thanks in advance, > > -- > Art Mason > Rackspace Managed Hosting > amason@rackspace.com > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > _______________________________________________ > Freebsd-net mailing list > Freebsd-net@lists.elvandar.org > http://lists.elvandar.org/mailman/listinfo/freebsd-net > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- Art Mason Technical Support - Team F Rackspace Managed Hosting (800) 961-4454 ext. 1223 amason@rackspace.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1074700702.32768.14.camel>