diff options
| author | mlaier <mlaier@FreeBSD.org> | 2004-03-08 22:03:29 +0000 |
|---|---|---|
| committer | mlaier <mlaier@FreeBSD.org> | 2004-03-08 22:03:29 +0000 |
| commit | 6be47b725dbe981b3b17d6c613ae30fc93c8734f (patch) | |
| tree | 38dcc46c6326ec0b0dc0f6d59183c7d17c5f9d66 /sys | |
| parent | 8ff4e76430891ac4cdbaed167d6824866a07f187 (diff) | |
| download | FreeBSD-src-6be47b725dbe981b3b17d6c613ae30fc93c8734f.zip FreeBSD-src-6be47b725dbe981b3b17d6c613ae30fc93c8734f.tar.gz | |
Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/conf/NOTES | 12 | ||||
| -rw-r--r-- | sys/modules/Makefile | 9 |
2 files changed, 20 insertions, 1 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 1cd934c..f2e8ed5 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -487,6 +487,13 @@ device musycc # LMC/SBE LMC1504 quad T1/E1 # The `ef' device provides support for multiple ethernet frame types # specified via ETHER_* options. See ef(4) for details. # +# The pf packet filter consists of three devices: +# The `pf' device provides /dev/pf and the firewall code itself. +# The `pflog' device provides the pflog0 interface which logs packets. +# The `pfsync' device provides the pfsync0 interface used for +# synchronization of firewall state tables (over the net). +# Requires option PFIL_HOOKS and (when used as a module) option RANDOM_IP_ID +# # The PPP_BSDCOMP option enables support for compress(1) style entire # packet compression, the PPP_DEFLATE is for zlib/gzip style compression. # PPP_FILTER enables code for filtering the ppp data stream and selecting @@ -507,6 +514,9 @@ device tap #Virtual Ethernet driver device tun #Tunnel driver (ppp(8), nos-tun(8)) device sl #Serial Line IP device gre #IP over IP tunneling +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +device pfsync #synchronization interface for PF device ppp #Point-to-point protocol options PPP_BSDCOMP #PPP BSD-compress support options PPP_DEFLATE #PPP zlib/deflate/gzip support @@ -561,7 +571,7 @@ device stf #6to4 IPv6 over IPv4 encapsulation # # PFIL_HOOKS enables an abtraction layer which is meant to be used in # network code where filtering is required. See the pfil(9) man page. -# This option is required by the IPFILTER option. +# This option is required by the IPFILTER option and the PF device. # # TCPDEBUG enables code which keeps traces of the TCP state machine # for sockets with the SO_DEBUG option set, which can then be examined diff --git a/sys/modules/Makefile b/sys/modules/Makefile index 2540304..1bfc0cc 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -154,6 +154,9 @@ SUBDIR= ${_3dfx} \ ${_pcfclock} \ pcn \ ${_pecoff} \ + ${_pf} \ + ${_pflog} \ + ${_pfsync} \ plip \ ${_pmc} \ portalfs \ @@ -265,6 +268,12 @@ _random= random _ipfilter= ipfilter .endif +.if !defined(NO_PF) || defined(ALL_MODULES) +_pf= pf +_pflog= pflog +_pfsync= pfsync +.endif + .if ${MACHINE_ARCH} == "i386" # XXX some of these can move to the general case when de-i386'ed # XXX some of these can move now, but are untested on other architectures. |
