On second look PF has some definite improvements over IPFilter.
My rule set file is half as long for one thing. I like the macros and
tables.

I'm still reading through the documentation, but I have not figured out why
the log doesn't seem to be working yet. I have all the required entries in
rc.conf.

pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup

The handbook at http://www.openbsd.org/faq/pf/ seems to indicate I need a
device named pflog0, which I do not have. Also, pflogd does not start on boot
even though it is listed in rc.conf. Perhaps the startup script did not get
installed into the correct location. My installation was from the 6.0 release
ISO, so I would naturally assume it is correct.

Thanks for the reminder of this program. I think I will like it better than
the others for my purposes and administrative skill level.

On 5/2/06, Atom Powers <[EMAIL PROTECTED]> wrote:

On 5/2/06, Bryan Curl <[EMAIL PROTECTED]> wrote:
> I want to limit time my kids spend on the internet.
> The way I am doing it is to make varying, separate ipf.rules files and
> install them from cron at the appropriate time.
> Problem is, if I make a change to one file, I generally have to update all
> the others accordingly.
>
> Is there a better way? I have read man ipf but didn't come out with any
> ideas.

I would use pf and have something like this:

pf.conf
----
block out from <kids> to any
----

crontab
----
pfctl -t kids -T add kids.ip.to.block
pfctl -t kids -T del kids.ip.to.allow
----

You can also keep the IPs in a flat file and just tell pf to re-read
the file (or read a different file) to update the table.

I love pf.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--




--
--
Bryan
bc3910 'at' gmail 'dot' com
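
Added example, not part of the thread: an sh script for the flat-file approach Atom Powers describes, meant to be run from cron every few minutes so that it recomputes the desired state of the <kids> table from the clock instead of relying on paired add/del jobs (table contents set with pfctl do not survive a reboot). The table name kids comes from the thread; the path /etc/pf.kids, the 16:00-20:00 window, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: /etc/pf.kids, the time window,
# and all function names. Only the table name "kids" comes from the thread.
TABLE="kids"
KIDS_FILE="${KIDS_FILE:-/etc/pf.kids}"  # one address per line
ALLOW_FROM="${ALLOW_FROM:-1600}"        # HHMM, access allowed from
ALLOW_UNTIL="${ALLOW_UNTIL:-2000}"      # HHMM, access allowed until

# in_window HHMM: succeed if HHMM lies inside the allowed window.
in_window() {
    if [ "$ALLOW_FROM" -le "$ALLOW_UNTIL" ]; then
        [ "$1" -ge "$ALLOW_FROM" ] && [ "$1" -lt "$ALLOW_UNTIL" ]
    else
        # Window wraps past midnight, e.g. 2200-0600.
        [ "$1" -ge "$ALLOW_FROM" ] || [ "$1" -lt "$ALLOW_UNTIL" ]
    fi
}

# pf_command HHMM: print the pfctl call that puts the table in the right state.
# Inside the window the table is emptied, so the block rule matches nobody;
# outside it the table is reloaded from the flat file.
pf_command() {
    if in_window "$1"; then
        echo "pfctl -q -t $TABLE -T flush"
    else
        echo "pfctl -q -t $TABLE -T replace -f $KIDS_FILE"
    fi
}

# Entry point: "kids-table.sh apply" runs the command, "show" only prints it.
# Suggested root crontab line: */5 * * * * /usr/local/sbin/kids-table.sh apply
case "${1:-}" in
    apply) $(pf_command "$(date +%H%M)") ;;
    show)  pf_command "$(date +%H%M)" ;;
esac
```

pf is stateful, so connections that are already established when the table is reloaded keep passing until their state expires or is removed with pfctl -k.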