Date:      Tue, 29 Jan 2008 15:06:43 -0500
From:      "Vadym Chepkov" <vchepkov@gmail.com>
To:        "Gavin Spomer" <spomerg@cwu.EDU>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: How does /dev/pf get created?
Message-ID:  <005e01c862b2$78a6d7c0$050a0a0a@chepkov.lan>
References:  <479EF0A402000090000132D4@hermes.cwu.edu>

Gavin,

I have never had to do anything like this and nevertheless I have /dev/pf.
I have pf compiled into the kernel, so I wouldn't blame it on "must be module" either.
Could you send me, please, the following files? I would really like to understand the problem.

- KERNEL config
- /etc/make.conf
- /etc/rc.conf
- /etc/fstab
- /boot/loader.conf

Thanks

Sincerely,
Vadym Chepkov

----- Original Message ----- 
From: "Gavin Spomer" <spomerg@cwu.EDU>
To: <freebsd-pf@freebsd.org>
Sent: Tuesday, January 29, 2008 12:23 PM
Subject: Re: How does /dev/pf get created?


>>> David DeSimone <fox@verio.net> 01/28/08 3:50 PM >>>
Gavin Spomer <spomerg@cwu.EDU> wrote:
>
> Although it was new to me, a couple of quick glances at man pages and
> experiments produced a /dev/pf for me.
Can you tell us what it was that you changed?  Someone else may need to
know, someday.


   You're absolutely right. I guess I forgot my obligation in my excitement to go home yesterday. ;)

   Here's what I did:
      1. cp /etc/defaults/devfs.rules /etc/
      2. chmod u+w /etc/devfs.rules
      3. vi /etc/devfs.rules: Added "add path pf unhide" to the [devfsrules_unhide_basic=2] ruleset
      4. vi /etc/devfs.conf: Added "own pf root:wheel" and "perm pf 0660". *
      5. shutdown -r now

   * I don't know if my permissions/ownerships for /dev/pf are correct, but I looked at other devices and made a guess.
     Anyone know what they're supposed to be?

   Just noticed I don't have pflog or pfsync devices either, so I guess I'll create those too.


> One thing I really dig so far about pf versus the firewall I use on my
> SuSE machines (iptables), is that I don't have to reboot for changes
> to take effect.  Way happy about that!  :)
It has been a while since I worked with iptables, but I have NEVER had
to reboot in order to make changes to it.  That is just bizarre!


   I never took the time to actually write my own iptables rules, but SuSE has a built-in mechanism that simplified it:
   SuSEfirewall2. Basically you just have a fairly simple config file to edit and SuSEconfig writes the rules for you.
   In the O'Reilly book Linux Server Security (2nd Edition), it says "... all you do is edit the file /etc/sysconfig/SUSEfirewall2
   (in earlier versions of SUSE, /etc/rc.conf.d/firewall2.rc.config), run SUSEconfig, and reboot". So I've been doing it that way
   ever since. But after a quick Googling, it seems that maybe I don't have to reboot and can just run
   "/sbin/rcSuSEfirewall2 restart". Just an example of one of the times I wasn't very thorough in investigating something. ;)

   - Gavin
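
An added example, not part of the original messages: a POSIX shell check over devfs.conf-style "own"/"perm" lines such as those in step 4 of the quoted post. The pass/fail policy (owner root, no access for "other") is an assumption of this example and is not stated in the thread; audit_devfs_conf, thread_conf and loose_conf are hypothetical names.

```shell
#!/bin/sh
# Added example. Policy below is an assumption of this example, not from the
# thread: the node's owner must be root and "other" must get no access.

# Lines quoted from step 4 of the post.
thread_conf() {
    printf '%s\n' 'own pf root:wheel' 'perm pf 0660'
}

# Constructed sample with a world-accessible mode.
loose_conf() {
    printf '%s\n' '# constructed sample' 'own pf root:wheel' 'perm pf 0666'
}

# audit_devfs_conf [DEVICE] < devfs.conf
# Prints one FAIL line per finding; exit status 1 if any finding, else 0.
audit_devfs_conf() {
    awk -v dev="${1:-pf}" '
        $1 ~ /^#/ || NF < 3 || $2 != dev { next }   # comments, short lines, other nodes
        $1 == "own" {
            split($3, o, ":")                        # user:group
            if (o[1] != "root") { print "FAIL own " dev " " $3 " (owner not root)"; bad = 1 }
        }
        $1 == "perm" {
            if ($3 !~ /^[0-7]+$/) { print "FAIL perm " dev " " $3 " (not octal)"; bad = 1 }
            else if (substr($3, length($3), 1) != "0") {
                print "FAIL perm " dev " " $3 " (world access)"; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Run both samples and report which one produces findings.
for sample in thread_conf loose_conf; do
    if "$sample" | audit_devfs_conf pf; then echo "$sample: ok"; else echo "$sample: findings"; fi
done
```

On a real system the same function can be fed the live file: audit_devfs_conf pf < /etc/devfs.conf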