From owner-freebsd-questions@FreeBSD.ORG Tue Sep 28 09:09:25 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18C2616A4CE for ; Tue, 28 Sep 2004 09:09:25 +0000 (GMT)
Received: from gregale.emea.mci.com (gregale.wcom.co.uk [193.131.254.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D08143D2D for ; Tue, 28 Sep 2004 09:09:24 +0000 (GMT) (envelope-from philip.payne@uk.mci.com)
Received: from breen.emea.mci.com ([166.59.191.248] helo=borg.emea.mci.com) by gregale.emea.mci.com with esmtp (Exim 4.42) id 1CCDz8-0006nW-Bg; Tue, 28 Sep 2004 09:09:22 +0000
Received: from gblon1exch06.uk.mcilink.com ([170.127.79.25]) by borg.emea.mci.com with esmtp (Exim 4.42) id 1CCDz7-0003Z0-82; Tue, 28 Sep 2004 09:09:21 +0000
Received: by gblon1exch06.uk.mcilink.com with Internet Mail Service (5.5.2653.19) id ; Tue, 28 Sep 2004 10:09:18 +0100
Message-ID:
From: Philip Payne
To: Cristi Tauber , FreeBSD Question
Date: Tue, 28 Sep 2004 10:08:56 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
X-MCI-EMEA-Spam-Score: -98.5 (---------------------------------------------------)
X-MCI-EMEA-Signature: 7a74ff57553e7d292e475bb376c095bb
Subject: RE: pf for FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 28 Sep 2004 09:09:25 -0000

Hi,

> hello folks,
> i want to install the packet filter for FreeBSD so i recompile the
> kernel with the options :
>
> device bpf
> options PFIL_HOOKS
> options RANDOM_IP_ID
>
> and installed pf from ports ( i did a cvsup before installing to
> get the latest ports). Now my dilemma is ... in pf start script ... i
> have to enter a prefix ... but what prefix, 'cause after
> installing and
> rebooting .... the modules that I want to load are still in source
> directory . I installed pf with
>
> make WITH_ALTQ=yes
> make install
>
> after a deinstall I can't install it anymore, the install
> crashes with the error that is already installed !!
>
> What can I do ??/

I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x you're using. According to /usr/src/UPDATING, since 08-Mar-2004 pf has been part of the base system and doesn't require the pf port to be installed.

So, a way forward could be to ensure you've updated to the latest 5.x version (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it also contains some info on the pf groups & users required.

I have the following devices in my kernel:

device PFIL_HOOKS
device pf
device pflog

I have the following in /etc/rc.conf:

pf_enable="YES"
pflog_enable="YES"
pf_rules=""

You will also need the authpf group and the _pflogd user & group. You can get the details by downloading the latest source and checking the passwd & group files under /usr/src/etc.

in /etc/passwd:

_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin

in /etc/group:

authpf:*:63:
_pflogd:*:64:

I will leave it to you on how you generate a ruleset. Personally I use fwbuilder.org .

Thanks,
Phil.
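
The rc.conf, passwd and group prerequisites listed in the reply above, turned into a check script. This is an added example and not part of the original message; `check_pf_prereqs`, `make_sample_root` and the root-directory argument are hypothetical names, and the sample tree is constructed from the entries quoted in the message.

```sh
#!/bin/sh
# Added example: audit the pf prerequisites listed in the message above.
# The root argument is hypothetical: "/" on a live host, or a staging tree.

# Prints one line per problem and returns the number of problems found.
check_pf_prereqs() {
    root=${1%/}; fails=0
    rc="$root/etc/rc.conf"; pw="$root/etc/passwd"; gr="$root/etc/group"
    for f in "$rc" "$pw" "$gr"; do
        [ -r "$f" ] || { echo "UNREADABLE: $f"; return 99; }
    done

    # rc.conf knobs from the message: both must be set to YES.
    for knob in pf_enable pflog_enable; do
        grep -Eq "^${knob}=\"?[Yy][Ee][Ss]\"?" "$rc" ||
            { echo "MISSING rc.conf: ${knob}=\"YES\""; fails=$((fails + 1)); }
    done

    # _pflogd must exist with uid 64 and gid 64 ...
    awk -F: '$1 == "_pflogd" && $3 == 64 && $4 == 64 { ok = 1 } END { exit !ok }' "$pw" ||
        { echo "MISSING passwd: _pflogd (uid 64, gid 64)"; fails=$((fails + 1)); }

    # ... and stay a locked-down service account: empty home, no login shell.
    awk -F: '$1 == "_pflogd" && ($6 != "/var/empty" || $7 != "/usr/sbin/nologin") { bad = 1 }
             END { exit bad + 0 }' "$pw" ||
        { echo "WEAK passwd: _pflogd needs /var/empty and /usr/sbin/nologin"; fails=$((fails + 1)); }

    # Groups from the message: authpf (gid 63) and _pflogd (gid 64).
    for entry in authpf:63 _pflogd:64; do
        awk -F: -v n="${entry%%:*}" -v g="${entry##*:}" \
            '$1 == n && $3 == g { ok = 1 } END { exit !ok }' "$gr" ||
            { echo "MISSING group: ${entry%%:*} (gid ${entry##*:})"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample tree holding the entries quoted in the message.
make_sample_root() {
    d=$(mktemp -d) && mkdir "$d/etc" || return 1
    printf '%s\n' 'pf_enable="YES"' 'pflog_enable="YES"' > "$d/etc/rc.conf"
    printf '%s\n' '_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin' > "$d/etc/passwd"
    printf '%s\n' 'authpf:*:63:' '_pflogd:*:64:' > "$d/etc/group"
    echo "$d"
}

sample=$(make_sample_root) && check_pf_prereqs "$sample" && echo "sample tree: pf prerequisites present"
rm -rf "$sample"
```

On a live system the same function is called as `check_pf_prereqs /`.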