Hello,

as you may have seen pf is now linked to the build and can be installed from
the base system. Make sure to run `mergemaster -p' before the installworld
as it requires two additional user accounts/groups.

If you do not want to build/install pf you can use the NO_PF knob in
/etc/make.conf

For the moment you will have troubles with pflog and tcpdump as we are
waiting for a vendor branch update of tcpdump/libpcap.

To build a kernel that supports pf you have to add at least:
        options         PFIL_HOOKS
        device          pf

to the GENERIC kernel configuration. Optional you can use:
        device          pflog
        device          pfsync

to build-in logging and syncing. Note that it is currently not possible to
pull in these in as a module right now. However it is possible to use pf as
a module. To do this you must add the following to GENERIC:
        options         PFIL_HOOKS
        options         RANDOM_IP_ID

already existing in GENERIC, but also required by pf as a module:
        options         INET
        options         INET6
        device          bpf

These requirements can be tweaked by editing the modules/pf* Makefiles.

I hope you have fun with pf and can make good use of it. Report problems,
errors and questions to me or the pf-mailing-list [EMAIL PROTECTED]
(see http://pf4freebsd.love2party.net/ for details) I'd try to avoid
flooding -net or -current with pf related questions. There might be a
freebsd-pf mailing-list some time soon.

-- 
Best regards,                           | [EMAIL PROTECTED]
Max Laier                               | ICQ #67774661
http://pf4freebsd.love2party.net/       | [EMAIL PROTECTED]

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to