From 6be47b725dbe981b3b17d6c613ae30fc93c8734f Mon Sep 17 00:00:00 2001
From: mlaier
Date: Mon, 8 Mar 2004 22:03:29 +0000
Subject: Link pf to the build and install: This adds the former ports registered groups: proxy and authpf as well as the proxy user. Make sure to run mergemaster -p in oder to complete make installworld without errors. This also provides the passive OS fingerprints from OpenBSD (pf.os) and an example pf.conf. For those who want to go without pf; it provides a NO_PF knob to make.conf. __FreeBSD_version will be bumped soon to reflect this and to be able to change ports accordingly. Approved by: bms(mentor)
---
 sys/conf/NOTES | 12 +++++++++++-
 sys/modules/Makefile | 9 +++++++++
 2 files changed, 20 insertions(+), 1 deletion(-) (limited to 'sys')
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 1cd934c..f2e8ed5 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -487,6 +487,13 @@ device musycc # LMC/SBE LMC1504 quad T1/E1
 # The `ef' device provides support for multiple ethernet frame types
 # specified via ETHER_* options. See ef(4) for details.
 #
+# The pf packet filter consists of three devices:
+# The `pf' device provides /dev/pf and the firewall code itself.
+# The `pflog' device provides the pflog0 interface which logs packets.
+# The `pfsync' device provides the pfsync0 interface used for
+# synchronization of firewall state tables (over the net).
+# Requires option PFIL_HOOKS and (when used as a module) option RANDOM_IP_ID
+#
 # The PPP_BSDCOMP option enables support for compress(1) style entire
 # packet compression, the PPP_DEFLATE is for zlib/gzip style compression.
 # PPP_FILTER enables code for filtering the ppp data stream and selecting
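Review bot: The new comment block in the first sys/conf/NOTES hunk describes pfsync as synchronizing state tables "(over the net)" but says nothing about how that traffic should be protected. The pfsync protocol itself carries no authentication or encryption, so someone enabling the device from this file should be told to keep it on a dedicated or otherwise trusted link. I would add a line such as `# pfsync traffic is unauthenticated; use a dedicated/trusted interface (see pfsync(4)).` The closing `# Requires option PFIL_HOOKS ...` line also leaves it unclear whether the requirement applies to `pf` alone or to all three devices; naming the device there would remove the ambiguity.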
@@ -507,6 +514,9 @@ device tap #Virtual Ethernet driver
 device tun #Tunnel driver (ppp(8), nos-tun(8))
 device sl #Serial Line IP
 device gre #IP over IP tunneling
+device pf #PF OpenBSD packet-filter firewall
+device pflog #logging support interface for PF
+device pfsync #synchronization interface for PF
 device ppp #Point-to-point protocol
 options PPP_BSDCOMP #PPP BSD-compress support
 options PPP_DEFLATE #PPP zlib/deflate/gzip support
@@ -561,7 +571,7 @@ device stf #6to4 IPv6 over IPv4 encapsulation
 #
 # PFIL_HOOKS enables an abtraction layer which is meant to be used in
 # network code where filtering is required. See the pfil(9) man page.
-# This option is required by the IPFILTER option.
+# This option is required by the IPFILTER option and the PF device.
 #
 # TCPDEBUG enables code which keeps traces of the TCP state machine
 # for sockets with the SO_DEBUG option set, which can then be examined
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index 2540304..1bfc0cc 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -154,6 +154,9 @@ SUBDIR= ${_3dfx} \
 ${_pcfclock} \
 pcn \
 ${_pecoff} \
+ ${_pf} \
+ ${_pflog} \
+ ${_pfsync} \
 plip \
 ${_pmc} \
 portalfs \
@@ -265,6 +268,12 @@ _random= random
 _ipfilter= ipfilter
 .endif
+.if !defined(NO_PF) || defined(ALL_MODULES)
+_pf= pf
+_pflog= pflog
+_pfsync= pfsync
+.endif
+
 .if ${MACHINE_ARCH} == "i386"
 # XXX some of these can move to the general case when de-i386'ed
 # XXX some of these can move now, but are untested on other architectures.
-- cgit v1.1
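Review bot: The `.if !defined(NO_PF) || defined(ALL_MODULES)` block in the second sys/modules/Makefile hunk builds pf, pflog and pfsync by default without mentioning the kernel options that this same commit documents in NOTES (PFIL_HOOKS, plus RANDOM_IP_ID when pf is used as a module). Whether the pf module refuses to load on a kernel lacking PFIL_HOOKS is not visible in this diff. If it does not, a firewall module that loads but never attaches to the packet path would fail silently and leave traffic unfiltered. I would add a comment above the block, e.g. `# pf modules need a kernel with options PFIL_HOOKS and RANDOM_IP_ID; see sys/conf/NOTES.`, and confirm that the module fails loudly when the hooks are absent.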