Date: Fri, 25 Jan 2008 08:12:15 -0800
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Gavin Spomer <spomerg@cwu.EDU>
Cc: freebsd-pf@freebsd.org
Subject: Re: How does /dev/pf get created?
Message-ID: <20080125161215.GA38146@eos.sc1.parodius.com>
In-Reply-To: <4799933A0200009000012FFC@hermes.cwu.edu>
References: <4799933A0200009000012FFC@hermes.cwu.edu>

On Fri, Jan 25, 2008 at 07:43:54AM -0800, Gavin Spomer wrote:
> I only have 3 lines in my /etc/make.conf: a comment and 2 lines about what perl to use.
> Is NO_PF=YES the default if not specified?

NO_PF in /etc/make.conf (RELENG_6), or WITHOUT_PF in /etc/src.conf
(RELENG_7) will simply disable building pf-related utilities in the base
system (e.g. pfctl and others). It should not affect what
features/capabilities your kernel configuration specifies.

> In that case adding NO_PF=NO and then building may work.

No, this will not work. NO_xxx variables do not check the actual value
of the assignment; NO_PF=HEHEHE would be the same thing as NO_PF=true.
The same goes for src.conf as described above.

> I did it via the command line:
> make buildkernel KERNCONF=MACHINEHOSTNAME
> make installkernel KERNCONT=MACHINEHOSTNAME

Your installkernel line is incorrect. KERNCONT != KERNCONF.

Also, consider simply placing KERNCONF=WHATEVER in /etc/make.conf, then
you won't have to remember to specify the variable on the command-line
when building/installing kernels.

> Shouldn't having "device pf" in MACHINEHOSTNAME file and building provide /dev/pf?

Yes and no. The /dev/pf device is created on-the-fly when the pf module
is loaded by the kernel. It is not a device that's made during build
time or via any other means.

A missing /dev/pf (as claimed by your pfctl) seems to indicate you do
not have the pf module loaded into the kernel (either as a module loaded
via kldload, or built-in to the kernel via 'device pf').

On none of our production machines do we have "device pf" in our kernel
configs. Instead, we rely on the following /etc/rc.conf variable to
kldload the pf kernel module during boot:

pf_enable="yes"

If you want pflog support, you will also need the following line:

pflog_enable="yes"

Drivers being loaded: this can be verified by doing `kldstat' and seeing
the module(s) loaded as so:

# kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 3f5b50   kernel
 2    1 0xc07f6000 64340    acpi.ko
 4    2 0xc81b5000 2e000    pf.ko
 6    1 0xcaf50000 3000     pflog.ko

> I have such a vanilla installation of FreeBSD, it's hard for me to see where I went wrong. I seem to have all the
> components of pf except /dev/pf. I have /sbin/pfctl, /etc/pf.conf, /boot/kernel/pf.ko, /boot/kernel/pflog.ko and the
> appropriate stuff I mentioned in /etc/rc.conf and probably others as well. I just don't have /dev/pf. How does this get
> created?

It would help if you could provide:

* Output of uname -a on the machine which doesn't have /dev/pf
* Output of kldstat
* Your /etc/rc.conf
* Your /boot/loader.conf
* Your /etc/make.conf
* Your kernel configuration file

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
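
The kldstat and rc.conf checks described in the message above, combined into one script. This is an added example, not part of the original e-mail or of FreeBSD; the function names (module_loaded, rc_enabled, diagnose_pf) and the sample data are constructed, and it assumes only the rc.conf text passed in is relevant.

```shell
#!/bin/sh
# Added example: classify why /dev/pf is missing, from kldstat and rc.conf text.
# Function names and the sample data are constructed for illustration.

# Succeeds if kldstat output on stdin has the module in its Name column.
module_loaded() {
    awk -v m="$1" '$NF == m { found = 1 } END { exit !found }'
}

# Succeeds if rc.conf text on stdin sets variable $1 to a value rc.subr's
# checkyesno accepts as true. rc.conf is sourced, so the last assignment wins.
rc_enabled() {
    val=$(sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose_pf KLDSTAT_TEXT RC_CONF_TEXT -> prints one verdict word.
# A kernel built with 'device pf' has no separate pf.ko line, so this covers
# only the kldload/rc.conf route the message recommends.
diagnose_pf() {
    if printf '%s\n' "$1" | module_loaded pf.ko; then
        echo loaded                # /dev/pf should exist
    elif printf '%s\n' "$2" | rc_enabled pf_enable; then
        echo enabled-not-loaded    # requested at boot, module absent
    else
        echo not-enabled           # nothing asks rc to kldload pf
    fi
}

# Constructed samples, kldstat layout as in the message above.
KLDSTAT_WITH_PF='Id Refs Address    Size     Name
 1    6 0xc0400000 3f5b50   kernel
 4    2 0xc81b5000 2e000    pf.ko'
KLDSTAT_NO_PF='Id Refs Address    Size     Name
 1    6 0xc0400000 3f5b50   kernel'
RC_SAMPLE='pf_enable="yes"
pflog_enable="yes"'

diagnose_pf "$KLDSTAT_WITH_PF" "$RC_SAMPLE"   # prints: loaded
diagnose_pf "$KLDSTAT_NO_PF" "$RC_SAMPLE"     # prints: enabled-not-loaded
# On a live host: diagnose_pf "$(kldstat)" "$(cat /etc/rc.conf)"
```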