From: Philip Payne
To: Cristi Tauber
Cc: FreeBSD Question
Date: Tue, 28 Sep 2004 12:12:27 +0100
Subject: RE: pf for FreeBSD

Hi,

I'm not sure of the dates of when 5.2.1 was released to tell you for sure whether pf is available in the kernel or not. I only started using 5.x when 5.3-Beta was released and pf has always been available in kernel for me. Never used the port.

To check if pf is installed/available you could try the command line via which pf is configured i.e.

    # pfctl -sa

(i.e. show all currently configured options for pf).

To check if it's available in the base system you could try configuring a kernel with the devices in my previous email and see if they're accepted.

Thanks,
Phil.

> -----Original Message-----
> From: Cristi Tauber [mailto:cristi.tauber@sbhost.ro]
> Sent: 28 September 2004 11:19
> To: Philip Payne
> Cc: FreeBSD Question
> Subject: RE: pf for FreeBSD
>
> Hello,
> I'm using 5.2.1 and I want to recompile pf to take advantage of ALTQ.
> This was the reason for reinstalling. What about that prefix in startup
> script ... this is where I have no clues ... what's the path ...
> And another thing ... if I want to install pf now it says that is
> already installed ... strange ... because I can't find it now, not
> the binaries nor the modules.
> Cristi
>
> > Hi,
> >
> >> hello folks,
> >> I want to install the packet filter for FreeBSD so I recompile the
> >> kernel with the options:
> >>
> >> device bpf
> >> options PFIL_HOOKS
> >> options RANDOM_IP_ID
> >>
> >> and installed pf from ports (I did a cvsup before installing to
> >> get the latest ports). Now my dilemma is ... in pf start script ... I
> >> have to enter a prefix ... but what prefix, 'cause after installing and
> >> rebooting .... the modules that I want to load are still in source
> >> directory. I installed pf with
> >>
> >> make WITH_ALTQ=yes
> >> make install
> >>
> >> after a deinstall I can't install it anymore, the install
> >> crashes with the error that is already installed !!
> >>
> >> What can I do ??
> >
> > I'm using pf without a problem. Not sure what exact version of FreeBSD 5.x
> > you're using. According to /usr/src/UPDATING, since 08-Mar-2004 pf has been
> > part of the base system and doesn't require the pf port to be installed.
> > So, a way forward could be to ensure you've updated to latest 5.x version
> > (cvs tag RELENG_5). Then I suggest you read /usr/src/UPDATING as it also
> > contains some info on the pf groups & users required.
> >
> > I have the following devices in my kernel:
> > device PFIL_HOOKS
> > device pf
> > device pflog
> >
> > I have the following in /etc/rc.conf:
> > pf_enable="YES"
> > pflog_enable="YES"
> > pf_rules=""
> >
> > You will also need the authpf group and the _pflogd user & group. You can
> > get the details by downloading the latest source and checking the passwd &
> > group files under /usr/src/etc.
> >
> > in /etc/passwd:
> > _pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin
> >
> > in /etc/group:
> > authpf:*:63:
> > _pflogd:*:64:
> >
> > I will leave it to you on how you generate a ruleset. Personally I use
> > fwbuilder.org .
> >
> > Thanks,
> > Phil.
> >
> > ---------------------------------------------------
> > This message and its contents have been scanned and certified for
> > transmission as being free from malicious code by < Antivirus>>. This
> > message may contain confidential, privileged or other legally protected
> > information. It is intended for the addressee(s) only. If you are not the
> > addressee, or someone the addressee authorized to receive this message, you
> > are prohibited from copying, distributing or otherwise using it. Please
> > notify the sender and return it. Thank you.
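
Added example, not part of the original thread and not FreeBSD's own code: an offline check of the prerequisites listed in the quoted reply (the two rc.conf knobs, the _pflogd user, and the authpf and _pflogd groups with the IDs given there). The function names and the sample files are constructed for illustration; on a real host, pass /etc/rc.conf, /etc/passwd and /etc/group instead.

```shell
#!/bin/sh
# Added example: offline preflight for the base-system pf setup from this thread.
# File paths are arguments so it can be pointed at copies of the real files.

# True if the last assignment of knob $2 in rc.conf-style file $1 is YES.
rc_knob_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# True if name $2 exists in passwd/group-style file $1 with numeric id $3.
account_has_id() {
    awk -F: -v n="$2" -v id="$3" '$1 == n && $3 == id { ok = 1 } END { exit !ok }' "$1"
}

# Print each missing item; the return status is the number of problems found.
pf_preflight() {
    rc=$1; pw=$2; gr=$3; problems=0
    for knob in pf_enable pflog_enable; do
        rc_knob_enabled "$rc" "$knob" ||
            { echo "rc.conf: $knob is not set to YES"; problems=$((problems + 1)); }
    done
    account_has_id "$pw" _pflogd 64 ||
        { echo "passwd: _pflogd user (uid 64) missing"; problems=$((problems + 1)); }
    for entry in authpf:63 _pflogd:64; do
        account_has_id "$gr" "${entry%%:*}" "${entry##*:}" ||
            { echo "group: ${entry%%:*} (gid ${entry##*:}) missing"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample files: pflog_enable is commented out and authpf is absent.
# The _pflogd passwd line is copied as it appears in the message.
demo=$(mktemp -d)
printf '%s\n' 'pf_enable="YES"' '#pflog_enable="YES"' 'pf_rules=""' > "$demo/rc.conf"
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
    '_pflogd:*:64:64:pflogd privesp user:/var/empty:/usr/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'wheel:*:0:root' '_pflogd:*:64:' > "$demo/group"

pf_preflight "$demo/rc.conf" "$demo/passwd" "$demo/group" || echo "problems found: $?"
```

This only inspects configuration files; whether the running kernel actually has pf is still answered by the `pfctl -sa` check mentioned at the top of the message.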