RE: [Freebsd-net] PF installation on 5.2-RELEASE
From: Art Mason (amason_at_rackspace.com)
Date: 01/21/04
- Previous message: Dinesh Nair: "Re[2]: netgraph questions on ng_tee, ng_iface, ng_socket"
- In reply to: Remko Lodder: "RE: [Freebsd-net] PF installation on 5.2-RELEASE"
- Next in thread: Max Laier: "Re: [Freebsd-net] PF installation on 5.2-RELEASE"
- Reply: Max Laier: "Re: [Freebsd-net] PF installation on 5.2-RELEASE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Freebsd-Net@Freebsd. Org" <freebsd-net@freebsd.org> Date: Wed, 21 Jan 2004 09:58:23 -0600
Yes, indeed, many thanks for the quick response. I had read through the
makefile, but wasn't sure if there were any additional settings that I
should take into consideration. On that note, does anyone have any
experience running PF under 5.2-RELEASE in a production environment,
especially in conjunction w/ ALTQ? I'm just curious, because I've
really taken a liking to PF under OpenBSD and really like the ALTQ
integration, especially in regards to upstream traffic shaping. Does
anyone have any experience with such implementations under 5.2-RELEASE.
Thanks again in advance,
On Wed, 2004-01-21 at 09:20, Remko Lodder wrote:
> from pkg-message which lives in /usr/ports/security/pf/
>
> To use pf, please follow these steps:
>
> 1. Add kernel options into your kernel config file and recompile kernel:
>
> device bpf
> options PFIL_HOOKS
> options RANDOM_IP_ID
>
> 2. Please set the following variables in /etc/rc.conf according to your
> needs:
>
> pf_enable="Yes"
> pf_logd="Yes"
> pf_conf="%%PREFIX%%/etc/pf.conf"
>
> 3. Check %%PREFIX%%/etc/rc.d/pf.sh, it is the startup script for pf!
>
> --> Makefile snippet
>
> .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
> pre-fetch:
> @${ECHO_MSG} "======================================================="
> @${ECHO_MSG} "* If you have ALTQ support from: *"
> @${ECHO_MSG} "* http://www.nipsi.de/altq/index.html or *"
> @${ECHO_MSG} "* http://www.rofug.ro/projects/freebsd-altq/ *"
> @${ECHO_MSG} "* You can define WITH_ALTQ=yes to make use of it *"
> @${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src *"
> @${ECHO_MSG} "* *"
> @${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
> @${ECHO_MSG} "* *"
> @${ECHO_MSG} "======================================================="
> @sleep 2
> .endif
>
> /snip
>
> Does that fill in the blanks? Cheers
>
>
>
> --
>
> Kind regards,
>
> Remko Lodder
> Elvandar.org/DSINet.org
> www.mostly-harmless.nl Dutch community for helping newcomers on the
> hackerscene
>
> -----Oorspronkelijk bericht-----
> Van: freebsd-net-bounces@lists.elvandar.org
> [mailto:freebsd-net-bounces@lists.elvandar.org]Namens Art Mason
> Verzonden: woensdag 21 januari 2004 16:13
> Aan: freebsd-net@freebsd.org
> Onderwerp: [Freebsd-net] PF installation on 5.2-RELEASE
>
>
> Hello,
>
> My sincerest apologies if this isn't the correct list to post this
> question to, but I was wondering if anyone has any guidelines/procedures
> to follow regarding the correct installation method for PF on FreeBSD
> 5.2-RELEASE. I know of its existence in ports/security, but was
> wondering if there are any additional kernel compilation options or
> sysctl variables required to get it, along w/ ALTQ, up and running
> properly on a fresh install.
>
> Many thanks in advance,
>
> --
> Art Mason
> Rackspace Managed Hosting
> amason@rackspace.com
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> _______________________________________________
> Freebsd-net mailing list
> Freebsd-net@lists.elvandar.org
> http://lists.elvandar.org/mailman/listinfo/freebsd-net
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
-- Art Mason Technical Support - Team F Rackspace Managed Hosting (800) 961-4454 ext. 1223 amason@rackspace.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Dinesh Nair: "Re[2]: netgraph questions on ng_tee, ng_iface, ng_socket"
- In reply to: Remko Lodder: "RE: [Freebsd-net] PF installation on 5.2-RELEASE"
- Next in thread: Max Laier: "Re: [Freebsd-net] PF installation on 5.2-RELEASE"
- Reply: Max Laier: "Re: [Freebsd-net] PF installation on 5.2-RELEASE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
