From: "Cristi Tauber"
To: "Philip Payne"
cc: FreeBSD Question
Date: Tue, 28 Sep 2004 13:18:44 +0300 (EEST)
Subject: RE: pf for FreeBSD

Hello,

I'm using 5.2.1 and I want to recompile pf to take advantage of ALTQ. This was the reason for reinstalling. What about that prefix in startup script ... this is where I have no clues ... what's the path ...

And another thing ... if I want to install pf now it says that is already installed ... strange ... because I can't find it now, not the binaries nor the modules.

Cristi

> Hi,
>
>> hello folks,
>> I want to install the packet filter for FreeBSD so I recompile the
>> kernel with the options:
>>
>> device bpf
>> options PFIL_HOOKS
>> options RANDOM_IP_ID
>>
>> and installed pf from ports (I did a cvsup before installing to
>> get the latest ports). Now my dilemma is ... in pf start script ... I
>> have to enter a prefix ... but what prefix, 'cause after installing and
>> rebooting .... the modules that I want to load are still in source
>> directory. I installed pf with
>>
>> make WITH_ALTQ=yes
>> make install
>>
>> after a deinstall I can't install it anymore, the install
>> crashes with the error that is already installed !!
>>
>> What can I do ??
>
> I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x
> you're using. According to /usr/src/UPDATING, since 08-Mar-2004 pf has been
> part of the base system and doesn't require the pf port to be installed.
> So, a way forward could be to ensure you've updated to latest 5.x version
> (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it also
> contains some info on the pf groups & users required.
>
> I have the following devices in my kernel:
> device PFIL_HOOKS
> device pf
> device pflog
>
> I have the following in /etc/rc.conf:
> pf_enable="YES"
> pflog_enable="YES"
> pf_rules=""
>
> You will also need the authpf group and the _pflogd user & group. You can
> get the details by downloading the latest source and checking the passwd &
> group files under /usr/src/etc.
>
> in /etc/passwd:
> _pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin
>
> in /etc/group:
> authpf:*:63:
> _pflogd:*:64:
>
> I will leave it to you on how you generate a ruleset. Personally I use
> fwbuilder.org .
>
> Thanks,
> Phil.
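
The prerequisites listed in the quoted reply (the rc.conf switches, the unprivileged _pflogd account, the authpf and _pflogd groups) can be checked mechanically. The script below is an added example, not part of the original thread; the function names are hypothetical and the files are passed as paths so the checks can run against copies.

```shell
#!/bin/sh
# Added example (not from the thread): audit the pf prerequisites the reply lists.
# Function names are hypothetical; files are passed as paths so copies can be checked.

# rc_enabled FILE VAR: true if the last assignment of VAR is a value rc.subr treats as "yes"
rc_enabled() {
    awk -F= -v k="$2" '$1 == k { sub(/#.*/, "", $2); gsub(/[" \t]/, "", $2); v = toupper($2) }
                       END { exit !(v ~ /^(YES|TRUE|ON|1)$/) }' "$1"
}

# privsep_user_ok FILE USER: true if USER exists with home /var/empty and a nologin shell
privsep_user_ok() {
    awk -F: -v u="$2" '$1 == u && $6 == "/var/empty" && $7 ~ /\/nologin$/ { ok = 1 }
                       END { exit !ok }' "$1"
}

# group_exists FILE GROUP: true if GROUP has an entry in the group file
group_exists() {
    awk -F: -v g="$2" '$1 == g { ok = 1 } END { exit !ok }' "$1"
}

# audit_pf RCCONF PASSWD GROUP: prints each finding, returns the number of failed checks
audit_pf() {
    fails=0
    for v in pf_enable pflog_enable; do
        rc_enabled "$1" "$v" || { echo "rc.conf: $v is not enabled"; fails=$((fails + 1)); }
    done
    privsep_user_ok "$2" _pflogd ||
        { echo "passwd: _pflogd missing, or home/shell would allow a login"; fails=$((fails + 1)); }
    for g in authpf _pflogd; do
        group_exists "$3" "$g" || { echo "group: $g is missing"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# make_sample DIR: constructed sample files that mirror the values quoted in the reply
make_sample() {
    printf '%s\n' 'pf_enable="YES"' 'pflog_enable="YES"' 'pf_rules=""' > "$1/rc.conf"
    printf '%s\n' '_pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'authpf:*:63:' '_pflogd:*:64:' > "$1/group"
}

d=$(mktemp -d)
make_sample "$d"
audit_pf "$d/rc.conf" "$d/passwd" "$d/group" && echo "all pf prerequisites present"
rm -rf "$d"
```

On a live system the same audit would be run as `audit_pf /etc/rc.conf /etc/passwd /etc/group`; the account check fails if _pflogd has been given a real shell or home directory.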