Date: Tue, 28 Sep 2004 12:12:27 +0100
From: Philip Payne <philip.payne@uk.mci.com>
To: Cristi Tauber <cristi.tauber@sbhost.ro>
Cc: FreeBSD Question <freebsd-questions@freebsd.org>
Subject: RE: pf for FreeBSD
Message-ID: <A0A204EE2E51BC41BCDE3C1DD86D35ED02544094@gblon1exch06.uk.mcilink.com>
Hi,

I'm not sure of the dates of when 5.2.1 was released to tell you for sure
whether pf is available in the kernel or not. I only started using 5.x when
5.3-Beta was released and pf has always been available in kernel for me.
Never used the port.

To check if pf is installed/available you could try the command line via
which pf is configured, i.e.

# pfctl -sa

(i.e. show all currently configured options for pf).

To check if it's available in the base system you could try configuring a
kernel with the devices in my previous email and see if they're accepted.

Thanks,
Phil.

> -----Original Message-----
> From: Cristi Tauber [mailto:cristi.tauber@sbhost.ro]
> Sent: 28 September 2004 11:19
> To: Philip Payne
> Cc: FreeBSD Question
> Subject: RE: pf for FreeBSD
>
> Hello,
> I'm using 5.2.1 and I want to recompile pf to take advantage of ALTQ.
> This was the reason for reinstalling. What about that prefix in startup
> script ... this is where I have no clues ... what's the path ...
> And another thing ... if I want to install pf now it says that it is
> already installed ... strange ... because I can't find it now, not
> the binaries nor the modules.
> Cristi
>
> > Hi,
> >
> >> hello folks,
> >> I want to install the packet filter for FreeBSD so I recompile the
> >> kernel with the options:
> >>
> >> device bpf
> >> options PFIL_HOOKS
> >> options RANDOM_IP_ID
> >>
> >> and installed pf from ports (I did a cvsup before installing to
> >> get the latest ports). Now my dilemma is ... in pf start script ... I
> >> have to enter a prefix ... but what prefix, 'cause after installing and
> >> rebooting ... the modules that I want to load are still in source
> >> directory. I installed pf with
> >>
> >> make WITH_ALTQ=yes
> >> make install
> >>
> >> after a deinstall I can't install it anymore, the install
> >> crashes with the error that it is already installed!!
> >>
> >> What can I do??
> >
> > I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x
> > you're using. According to /usr/src/UPDATING, since 08-Mar-2004 pf has been
> > part of the base system and doesn't require the pf port to be installed.
> > So, a way forward could be to ensure you've updated to latest 5.x version
> > (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it also
> > contains some info on the pf groups & users required.
> >
> > I have the following devices in my kernel:
> > device PFIL_HOOKS
> > device pf
> > device pflog
> >
> > I have the following in /etc/rc.conf:
> > pf_enable="YES"
> > pflog_enable="YES"
> > pf_rules="<Path to rules>"
> >
> > You will also need the authpf group and the _pflogd user & group. You can
> > get the details by downloading the latest source and checking the passwd &
> > group files under /usr/src/etc.
> >
> > in /etc/passwd:
> > _pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin
> >
> > in /etc/group:
> > authpf:*:63:
> > _pflogd:*:64:
> >
> > I will leave it to you on how you generate a ruleset. Personally I use
> > fwbuilder.org .
> >
> > Thanks,
> > Phil.
> >
> > ---------------------------------------------------
> > This message and its contents have been scanned and certified for
> > transmission as being free from malicious code by <<eTrust Antivirus>>.
> > This message may contain confidential, privileged or other legally
> > protected information. It is intended for the addressee(s) only. If you
> > are not the addressee, or someone the addressee authorized to receive
> > this message, you are prohibited from copying, distributing or otherwise
> > using it. Please notify the sender and return it. Thank you.
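The prerequisites listed in the thread (the three rc.conf settings, the authpf group, and the _pflogd user and group) can be audited with a short script. This is an added example, not part of the original e-mails: the function names and the sample file contents are constructed, and /etc/pf.conf stands in for the unspecified rules path.

```shell
#!/bin/sh
# Added example: audit the pf prerequisites named in the thread.
# File paths are arguments so the checks can run on copies of the files.

# Return 0 if FILE has an entry NAME whose third field (uid or gid) is ID.
has_entry() {
    awk -F: -v n="$2" -v id="$3" \
        '$1 == n && $3 == id { ok = 1 } END { exit !ok }' "$1"
}

# Print every rc.conf setting from the thread that is missing in FILE.
missing_rcconf() {
    for var in pf_enable pflog_enable; do
        grep -Eq '^[[:space:]]*'"$var"'="?[Yy][Ee][Ss]"?' "$1" || echo "$var"
    done
    # pf_rules must point at a non-empty path.
    grep -Eq '^[[:space:]]*pf_rules="?[^"[:space:]]+' "$1" || echo "pf_rules"
}

# Print every account from the thread that is missing or mis-numbered.
# Usage: missing_accounts PASSWD_FILE GROUP_FILE
missing_accounts() {
    has_entry "$1" _pflogd 64 || echo "user:_pflogd"
    has_entry "$2" authpf 63  || echo "group:authpf"
    has_entry "$2" _pflogd 64 || echo "group:_pflogd"
    # The logging account should keep a non-login shell.
    awk -F: '$1 == "_pflogd" && $NF !~ /nologin$/ { bad = 1 } END { exit bad }' "$1" \
        || echo "shell:_pflogd"
}

# Constructed sample: rc.conf lacks pflog_enable, the group file lacks authpf.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'pf_enable="YES"' 'pf_rules="/etc/pf.conf"' > "$d/rc.conf"
    printf '%s\n' \
        '_pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin' > "$d/passwd"
    printf '%s\n' '_pflogd:*:64:' > "$d/group"
    missing_rcconf "$d/rc.conf"
    missing_accounts "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

On a live system, pass /etc/rc.conf, /etc/passwd and /etc/group; empty output from both functions means the prerequisites from the thread are in place, after which `pfctl -sa` shows whether pf itself is loaded.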