From: Max Laier
To: Art Mason, "Freebsd-Net@Freebsd.Org"
Date: Wed, 21 Jan 2004 17:38:36 +0100
Subject: Re: [Freebsd-net] PF installation on 5.2-RELEASE

On Wednesday 21 January 2004 16:58, Art Mason wrote:
> Yes, indeed, many thanks for the quick response. I had read through
> the makefile, but wasn't sure if there were any additional settings
> that I should take into consideration. On that note, does anyone have
> any experience running PF under 5.2-RELEASE in a production
> environment, especially in conjunction w/ ALTQ? I'm just curious,
> because I've really taken a liking to PF under OpenBSD and really like
> the ALTQ integration, especially in regards to upstream traffic
> shaping. Does anyone have any experience with such implementations
> under 5.2-RELEASE.
>

If you will use pf on a dial-up line, which gets a dynamic IP via dhcp
or similar means, or if you are _very_ concerned about security, you
might want to take a look at the "patches" directory
(cd /usr/ports/security/pf; make patch; cd work/pf_freebsd_2.02/patches/;
less README) to learn about additional tweaks ("(if_name)" syntax, and
bpf security).

pf alone has proven stable on a large number of FreeBSD installations
(SMP, UP, 64bit ...) among them very busy sites.

ALTQ lacks real-life tests for some of the "supported" NICs (as none of
the ALTQ patchset developers has access to a big testlab). fxp, rl, tun
and dc are well tested (by either Adrian, Pyun or myself) ... if you
have another card reports are _very_ welcome! Just write a mail and we
will spam you with patchsets until it works ;)

-- 
Best regards,                        | max@love2party.net
Max Laier                            | ICQ #67774661
http://pf4freebsd.love2party.net/    | mlaier@EFnet