- Restructure part of the PF section.
- Add general info about enabling PF and creating rulesets.

PR: docs/92113
Submitted by: Daniel Gerzo <danger at rulez dot sk>
Reviewed by: simon@ and ceri@
Approved by: ceri@
parent 0f6673c4b4
commit e4de67ee62
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=26930
1 changed files with 45 additions and 10 deletions
|
@ -256,16 +256,6 @@
|
|||
<para>More info can be found at the PF for &os; web site: <ulink
|
||||
url="http://pf4freebsd.love2party.net/"></ulink>.</para>
|
||||
|
||||
<para>The OpenBSD PF user's guide is here: <ulink
|
||||
url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
|
||||
|
||||
<warning>
|
||||
<para>PF in &os; 5.X is at the level of OpenBSD version 3.5. The
|
||||
port from the &os; Ports Collection is at the level of OpenBSD
|
||||
version 3.4. Keep that in mind when browsing the user's
|
||||
guide.</para>
|
||||
</warning>
|
||||
|
||||
<sect2>
|
||||
<title>Enabling PF</title>
|
||||
|
||||
|
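Review bot: The Ports Collection statement in the warning here (the port being at the level of OpenBSD version 3.4) has no counterpart in the warning under "Creating Filtering Rules" later in this patch, which covers only &os; 5.X and 6.X. If readers may still install pf from ports, carry that sentence into the new warning. If it was dropped on purpose, say so in the commit message, since the log only mentions restructuring.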
@ -283,6 +273,21 @@
|
|||
was defined during the build, it also requires <literal>options
|
||||
INET6</literal>.</para>
|
||||
</note>
|
||||
|
||||
<para>Once the kernel module is loaded or the kernel is statically
|
||||
built with PF support, it is possible to enable or disable
|
||||
<application>pf</application> with the <command>pfctl</command>
|
||||
command.</para>
|
||||
|
||||
<para>This example demonstrates how to enable
|
||||
<application>pf</application>:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>pfctl -e</userinput></screen>
|
||||
|
||||
<para>The <command>pfctl</command> command provides a way to work
|
||||
with the <application>pf</application> firewall. It is a good
|
||||
idea to check the &man.pfctl.8; manual page to find out more
|
||||
information about using it.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
|
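Review bot: The new paragraph says pf can be enabled "or disabled" with pfctl, but the only example that follows is `pfctl -e`. Either add a matching <screen> example for `pfctl -d` or reduce the sentence to enabling only. The paragraph also does not say which ruleset is in effect after `pfctl -e`; a pointer to the "Creating Filtering Rules" section added later in this patch would close that gap.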
@ -414,6 +419,36 @@ options ALTQ_NOPCC # Required for SMP build</programlisting>
|
|||
This option is required on <acronym>SMP</acronym>
|
||||
systems.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Creating Filtering Rules</title>
|
||||
|
||||
<para>The Packet Filter reads its configuration rules from the
|
||||
&man.pf.conf.5; file and it modifies, drops or passes packets
|
||||
according to the rules or definitions specified there. The &os;
|
||||
installation comes with a default
|
||||
<filename>/etc/pf.conf</filename> which contains useful examples
|
||||
and explanations.</para>
|
||||
|
||||
<para>Although &os; has its own <filename>/etc/pf.conf</filename>
|
||||
the syntax is the same as one used in OpenBSD. A great
|
||||
resource for configuring the <application>pf</application>
|
||||
firewall has been written by OpenBSD team and is available at
|
||||
<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
|
||||
|
||||
<warning>
|
||||
<para>When browsing the pf user's guide, please keep in mind that
|
||||
different versions of &os; contain different versions of pf. The
|
||||
<application>pf</application> firewall in &os; 5.X is at the level
|
||||
of OpenBSD version 3.5 and in &os; 6.X is at the level of OpenBSD
|
||||
version 3.7.</para>
|
||||
</warning>
|
||||
|
||||
<para>The &a.pf; is a good place to ask questions about
|
||||
configuring and running the <application>pf</application>
|
||||
firewall. Do not forget to check the mailing list archives
|
||||
before asking questions.</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="firewalls-ipf">
|
||||
|
|
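Review bot: In the second paragraph of "Creating Filtering Rules", "the syntax is the same as one used in OpenBSD" is contradicted by the warning a few lines below, which says different &os; releases track different OpenBSD versions (3.5 and 3.7). Suggest wording it as the syntax of the corresponding OpenBSD release and letting the warning give the mapping. Smaller points in the same hunk: "the same as one used" should read "the same as the one used", "written by OpenBSD team" needs "the", and the warning uses bare "pf" twice ("the pf user's guide", "different versions of pf") where the rest of the section uses <application>pf</application>.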