Tuesday, July 13, 2004

Installing pf on FreeBSD...

This is very crude, but:

1. download kernel source.


2. install kernel source.

./install.sh ssys

3. modify the kernel configuration file, adding these options:

# Packet Filter support
options PFIL_HOOKS
options RANDOM_IP_ID

4. rebuild kernel

config IMPETUS && cd ../compile/IMPETUS
make depend && make && make install

5. reboot

6. download the ports collection

7. install the ports collection

8. install the PF port

cd /usr/ports/security/pf
make && make install

9. install the PF startup script

cd /usr/local/etc/rc.d
mv pf.sh.sample pf.sh

10. add the following to /etc/rc.conf


11. update /etc/pf.conf with your PF rules, e.g.

block in all
pass in quick on { lo0 }
pass out quick all keep state
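
How the three rules in step 11 combine, as an added example (a simplified model written for this note, not pf's own code and not from the original post): pf uses the last matching rule unless a rule is marked quick, and keep state lets replies to outbound traffic back in. The interface name em0 and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    quick: bool = False          # stop evaluating on match
    iface: Optional[str] = None  # None matches any interface
    keep_state: bool = False

# The three rules from step 11, in order.
RULES = [
    Rule("block", "in"),
    Rule("pass", "in", quick=True, iface="lo0"),
    Rule("pass", "out", quick=True, keep_state=True),
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()      # established flows, direction-agnostic

    def filter(self, direction, iface, src, dst):
        flow = frozenset((src, dst))
        if flow in self.states:
            return "pass"        # state hit: the ruleset is not consulted
        verdict, matched = "pass", None   # no matching rule means pass
        for rule in self.rules:
            if rule.direction != direction or rule.iface not in (None, iface):
                continue
            verdict, matched = rule.action, rule   # last match wins...
            if rule.quick:
                break                              # ...unless it is quick
        if matched and verdict == "pass" and matched.keep_state:
            self.states.add(flow)
        return verdict

def demo():
    fw = Firewall(RULES)
    host, peer = "192.0.2.10", "198.51.100.7"   # constructed addresses
    return [
        fw.filter("in", "em0", f"{peer}:4444", f"{host}:22"),      # unsolicited
        fw.filter("in", "lo0", "127.0.0.1:5000", "127.0.0.1:25"),  # loopback
        fw.filter("out", "em0", f"{host}:40000", f"{peer}:443"),   # creates state
        fw.filter("in", "em0", f"{peer}:443", f"{host}:40000"),    # reply
        fw.filter("in", "em0", f"{peer}:443", f"{host}:22"),       # new flow
    ]

if __name__ == "__main__":
    print(demo())
```

The model ignores protocols, address families and state timeouts; it only shows rule ordering, quick, and state matching.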