Date: Tue, 25 Jul 2006 19:15:49 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Ivan Levchenko <levchenko.i@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: OpenBSD PF firewall in Freebsd Message-ID: <20060725161549.GA74744@gothmog.pc> In-Reply-To: <e39dd5bb0607250853v6f45488aj4c9c702739370f1f@mail.gmail.com> References: <e39dd5bb0607250853v6f45488aj4c9c702739370f1f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006-07-25 18:53, Ivan Levchenko <levchenko.i@gmail.com> wrote:
> Hello all,
>
> Is PF installed with the base system in FreeBSD 6.1? I see that there
> is IPF, is it the same thing? I didn't find PF in the ports tree, so
> thats why i'm asking.
Yes, PF is part of the base system in recent FreeBSD releases.
To enable PF support, you can either load it as a module (kldload pf),
or compile it into your custom kernel. The startup scripts of the
system support loading the module, if necessary, so to use PF you can
just enable it in `/etc/rc.conf', i.e. with something like:
pf_rules="/etc/pf.conf"
pf_enable="YES"
pflog_enable="YES"
Then, all you have to do is tune your ruleset in `/etc/pf.conf', and off
you go :)
One tricky point that you should pay attention to is that when PF is
used as a loadable kernel module you cannot use ALTQ for traffic
shaping. To be able to use the ALTQ features, you have to build a
custom kernel that includes both PF and ALTQ options.
HTH,
-- Giorgos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060725161549.GA74744>