Date: Tue, 28 Sep 2004 10:08:56 +0100
From: Philip Payne <philip.payne@uk.mci.com>
To: Cristi Tauber <cristi.tauber@sbhost.ro>, FreeBSD Question <freebsd-questions@freebsd.org>
Subject: RE: pf for FreeBSD
Message-ID: <A0A204EE2E51BC41BCDE3C1DD86D35ED0254408D@gblon1exch06.uk.mcilink.com>

Hi,

> hello folks,
> i want to install the packet filter for FreeBSD so i recompile the
> kernel with the options :
>
> device bpf
> options PFIL_HOOKS
> options RANDOM_IP_ID
>
> and installed pf from ports ( i did a cvsup before installing to
> get the latest ports). Now my dilemma is ... in pf start script ... i
> have to enter a prefix ... but what prefix, 'cause after installing and
> rebooting .... the modules that I want to load are still in source
> directory . I installed pf with
>
> make WITH_ALTQ=yes
> make install
>
> after a deinstall I can't install it anymore, the install
> crashes with the error that is already installed !!
>
> What can I do ??/

I'm using pf without a problem.

Not sure what exact version of FreeBSD 5.x you're using. According to
/usr/src/UPDATING, since 08-Mar-2004 pf has been part of the base system
and doesn't require the pf port to be installed.

So, a way forward could be to ensure you've updated to the latest 5.x
version (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as
it also contains some info on the pf groups & users required.

I have the following devices in my kernel:

    device PFIL_HOOKS
    device pf
    device pflog

I have the following in /etc/rc.conf:

    pf_enable="YES"
    pflog_enable="YES"
    pf_rules="<Path to rules>"

You will also need the authpf group and the _pflogd user & group. You can
get the details by downloading the latest source and checking the passwd
& group files under /usr/src/etc.

in /etc/passwd:

    _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin

in /etc/group:

    authpf:*:63:
    _pflogd:*:64:

I will leave it to you on how you generate a ruleset. Personally I use
fwbuilder.org .

Thanks,
Phil.
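
The prerequisites listed in the message above (the authpf group, the _pflogd user and group, and the three rc.conf settings) can be audited with a short script. This is an added example, not part of the original e-mail; the function names and the ROOT argument (a prefix so the check can run against a copied or constructed tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the pf prerequisites named in the message above.
# Function names and the ROOT prefix argument are hypothetical.

# has_entry FILE NAME ID: succeed if FILE has a passwd/group line NAME:*:ID:
has_entry() {
    awk -F: -v n="$2" -v id="$3" \
        '$1 == n && $3 == id { ok = 1 } END { exit !ok }' "$1" 2>/dev/null
}

# rc_value FILE KEY: print the last value assigned to KEY in an rc.conf file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" \
        2>/dev/null | tail -n 1
}

# check_pf_prereqs ROOT: print one line per missing item and return the
# number of missing items (0 means every prerequisite is in place).
check_pf_prereqs() {
    root=${1:-}
    missing=0
    fail() { echo "MISSING: $1"; missing=$((missing + 1)); }

    has_entry "$root/etc/group" authpf 63 || fail "group authpf (gid 63)"
    has_entry "$root/etc/group" _pflogd 64 || fail "group _pflogd (gid 64)"
    has_entry "$root/etc/passwd" _pflogd 64 || fail "user _pflogd (uid 64)"

    # The pflogd privilege-separation account must not allow logins.
    shell=$(awk -F: '$1 == "_pflogd" { print $7 }' \
        "$root/etc/passwd" 2>/dev/null) || shell=
    [ "$shell" = "/usr/sbin/nologin" ] || fail "_pflogd shell is not nologin"

    # rc.conf treats YES case-insensitively.
    for key in pf_enable pflog_enable; do
        case $(rc_value "$root/etc/rc.conf" "$key") in
            [Yy][Ee][Ss]) ;;
            *) fail "$key=\"YES\" in rc.conf" ;;
        esac
    done

    # pf_rules must name a ruleset file that actually exists and is readable.
    rules=$(rc_value "$root/etc/rc.conf" pf_rules)
    { [ -n "$rules" ] && [ -r "$root$rules" ]; } || fail "readable pf_rules file"

    return "$missing"
}
# On a live host, call: check_pf_prereqs ""
```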