Date: Mon, 17 Jan 2005 13:23:18 -0500
From: pf-r@solarflux.org
To: freebsd-pf@freebsd.org
Subject: Re: Looking for docs on installing pf with FreeBSD 5.2.1
Message-ID: <1105986198.41ec0296e22ae@mail.fluidhosting.com>
In-Reply-To: <c2d45d6e0501170021582f126e@mail.gmail.com>
References: <41EB7268.7090802@comcast.net> <c2d45d6e0501170021582f126e@mail.gmail.com>

> > I'm running FreeBSD 5.2.1, and can't seem to find any comprehensive docs
> > on getting pf running on it. I've followed what's in the handbook, but
> > the kernel config file doesn't recognize the device statements for pf.
> > I really would like to avoid upgrading the system to 5.3+, if possible.
> >
> > Any pointers?

The best and easiest way to have the most secure system and recent pf code is
to cvsup your FreeBSD 5.2.1 system to a patched 5.3-RELEASE, IMO. Not sure if
-STABLE or -CURRENT would offer newer pf code, but if this is a production box,
neither -STABLE nor -CURRENT are recommended anyway.

There are plenty of comprehensive docs on updating (via cvsup) your 5.2.1
system to the latest security branch (RELENG_5_3). Then you'll have pf as a
loadable kernel module already in the system. I believe the pf-enabling
instructions in the handbook are for 5.3.

Quick and dirty cvsup steps (see Appendix A.5 in the handbook):

Create a supfile referencing RELENG_5_3
Cvsup
Make buildworld
Add appropriate pf* lines in kernel config (copy of GENERIC)
Make buildkernel
Make installkernel
Reboot to single user mode (optional)
Make installworld
Mergemaster
Exit to multiuser (only if you are in single user mode)
Play with PF

I've built PF and ALTQ the manual way (on 5.0/5.1) and longed for the day when
I could just cvsup my system and be done with it.

> there is a port: /usr/ports/security/pf.
> Installing PF from there is pretty straightforward.
> I use it on several FreeBSD 5.2.1 machines.

The ports version is based on OpenBSD 3.4 code, so it's fairly dated. Not
saying it's bad, but it doesn't have many of the newer features that the
recent/latest code provides.

HTH