Re: [Freebsd-net] PF installation on 5.2-RELEASE
From: Max Laier (max_at_love2party.net)
Date: 01/21/04
- Previous message: Kenneth W Cochran: "Troubleshooting network card/link"
- In reply to: Art Mason: "RE: [Freebsd-net] PF installation on 5.2-RELEASE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Art Mason <amason@rackspace.com>, "Freebsd-Net@Freebsd. Org" <freebsd-net@freebsd.org> Date: Wed, 21 Jan 2004 17:38:36 +0100
On Wednesday 21 January 2004 16:58, Art Mason wrote:
> Yes, indeed, many thanks for the quick response. I had read through
> the makefile, but wasn't sure if there were any additional settings
> that I should take into consideration. On that note, does anyone have
> any experience running PF under 5.2-RELEASE in a production
> environment, especially in conjunction w/ ALTQ? I'm just curious,
> because I've really taken a liking to PF under OpenBSD and really like
> the ALTQ integration, especially in regards to upstream traffic
> shaping. Does anyone have any experience with such implementations
> under 5.2-RELEASE.
>
If you will use pf on a dail-up line, which gets a dynamic IP via dhcp or
similar means, or if you are _very_ concerned about secuirty, you might
want to take a look at the "patches" directory
(cd /usr/ports/security/pf; make patch; cd work/pf_freebsd_2.02/patches/;
less README) to learn about additonal tweaks ("(if_name)" syntax, and bpf
security).
pf alone has proven stable on a large number of FreeBSD installations
(SMP, UP, 64bit ...) among them very busy sites. ALTQ lacks real-life
tests for some of the "supported" NICs (as none of the ALTQ patchset
developers has access to a big testlab). fxp, rl, tun and dc are well
tested (by either Adrian, Pyun or myself) ... if you have another card
reports are _very_ welcome! Just write a mail and we will spam you with
patchsets until it works ;)
-- Best regards, | max@love2party.net Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Kenneth W Cochran: "Troubleshooting network card/link"
- In reply to: Art Mason: "RE: [Freebsd-net] PF installation on 5.2-RELEASE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
