Date: Tue, 25 Jul 2006 19:15:49 +0300
From: Giorgos Keramidas
To: Ivan Levchenko
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenBSD PF firewall in Freebsd
Message-ID: <20060725161549.GA74744@gothmog.pc>

On 2006-07-25 18:53, Ivan Levchenko wrote:
> Hello all,
>
> Is PF installed with the base system in FreeBSD 6.1? I see that there
> is IPF, is it the same thing? I didn't find PF in the ports tree, so
> that's why I'm asking.

Yes, PF is part of the base system in recent FreeBSD releases.

To enable PF support, you can either load it as a module (kldload pf),
or compile it into your custom kernel. The startup scripts of the
system support loading the module, if necessary, so to use PF you can
just enable it in `/etc/rc.conf', i.e. with something like:

        pf_rules="/etc/pf.conf"
        pf_enable="YES"
        pflog_enable="YES"

Then, all you have to do is tune your ruleset in `/etc/pf.conf', and
off you go :)

One tricky point that you should pay attention to is that when PF is
used as a loadable kernel module you cannot use ALTQ for traffic
shaping. To be able to use the ALTQ features, you have to build a
custom kernel that includes both PF and ALTQ options.

HTH,

-- 
Giorgos
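
The ALTQ caveat in the reply above can be checked before rebooting into a new kernel. This is an added example, not part of the original message: it reports whether a ruleset containing `altq on` or `queue` statements is paired with a kernel config that has `device pf` and `options ALTQ`. The function names and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): does a pf.conf that uses ALTQ
# match a kernel config that compiles in both PF and ALTQ?

# True if the ruleset has an "altq on ..." or "queue ..." statement.
ruleset_uses_altq() {
    # Strip comments so a commented-out queue line does not count.
    sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*(altq[[:space:]]+on|queue)[[:space:]]'
}

# True if the kernel config has the line "<kind> <name>", e.g. "device pf".
kernconf_has() {    # usage: kernconf_has FILE device|options NAME
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*$2[[:space:]]+$3([[:space:]]|\$)"
}

# 0: ruleset can load on this kernel; 1: it needs ALTQ the kernel lacks.
pf_altq_check() {   # usage: pf_altq_check PF_CONF KERNEL_CONFIG
    if ! ruleset_uses_altq "$1"; then
        echo "ok: no altq/queue statements, the pf module is enough"
        return 0
    fi
    if kernconf_has "$2" device pf && kernconf_has "$2" options ALTQ; then
        echo "ok: ruleset uses ALTQ, kernel config builds in PF and ALTQ"
        return 0
    fi
    echo "fail: ruleset uses ALTQ, kernel config lacks 'device pf' or 'options ALTQ'"
    return 1
}

# Constructed sample input: a ruleset with one CBQ queue, two kernel configs.
demo() {
    d=$(mktemp -d) || return 1
    printf 'altq on em0 cbq bandwidth 10Mb queue { std }\n' >  "$d/pf.conf"
    printf 'queue std bandwidth 100%% cbq(default)\npass all\n' >> "$d/pf.conf"
    printf 'device pf\noptions ALTQ\noptions ALTQ_CBQ\n' > "$d/WITH_ALTQ"
    printf 'options INET\n' > "$d/MODULE_ONLY"
    pf_altq_check "$d/pf.conf" "$d/WITH_ALTQ"
    pf_altq_check "$d/pf.conf" "$d/MODULE_ONLY"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Real use: sh this_script /etc/pf.conf /path/to/KERNEL_CONFIG
if [ $# -eq 2 ]; then pf_altq_check "$1" "$2"; fi
```

The check only reads the two files; loading the ruleset with `pfctl -nf /etc/pf.conf` on the target kernel remains the authoritative syntax test.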