Attachment #61464 for bug #92113

View | Details | Raw Unified | Return to bug 92113
Collapse All | Expand All




<!--
     The FreeBSD Documentation Project

     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $
-->

<chapter id="firewalls">

    <para>More info can be found at the PF for &os; web site: <ulink
	url="http://pf4freebsd.love2party.net/"></ulink>.</para>

    <para>The OpenBSD PF user's guide is here: <ulink
	url="http://www.openbsd.org/faq/pf/"></ulink>.</para>

    <warning>
      <para>PF in &os; 5.X is at the level of OpenBSD version 3.5.  The
	port from the &os; Ports Collection is at the level of OpenBSD
	version 3.4.  Keep that in mind when browsing the user's
	guide.</para>
    </warning>

    <sect2>
      <title>Enabling PF</title>


	  was defined during the build, it also requires <literal>options
	    INET6</literal>.</para>
      </note>

      <para>Once the kernel module is loaded or the kernel is statically
	built with PF support, it is possible to enable or disable
	<application>pf</application> with <command>pfctl</command>
	command.</para>

      <para>This example demonstrates how to enable the
	<application>pf</application>:</para>

      <screen>&prompt.root; <userinput>pfctl -e</userinput></screen>

      <para>The <command>pfctl</command> command provides a way to work
	with the <application>pf</application> firewall. It is a good
	idea to check the &man.pfctl.8; manual page to find out more
	information about using it.</para>
    </sect2>

    <sect2>

	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
	This option is required on <acronym>SMP</acronym>
	systems.</para>
    </sect2>

    <sect2>
      <title>Creating Filtering Rules</title>

      <para>The Packet Filter reads it's configuration rules from the
	&man.pf.conf.5; file and it modifies, drops or passes packets
	according to the rules or definitions specified there.  The &os;
	installation comes with a default
	<filename>/etc/pf.conf</filename> which contains useful examples
	and explanations.</para>

      <para>Although &os; has it's own <filename>/etc/pf.conf</filename>
	the syntax is the same as one used in OpenBSD.  A great
	resource for configuring the <application>pf</application>
	firewall has been written by OpenBSD team and is available at
	<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>

      <warning>
	<para>The <application>pf</application> firewall in &os; 5.X is
	  at the level of OpenBSD version 3.5 and in &os; 6.X is at the
	  level of OpenBSD version 3.7.  The port from the &os; Ports
	  Collection is at the level of OpenBSD version 3.4.  Please,
	  keep that in mind when browsing the
	  <application>pf</application> user's guide.</para>
      </warning>

      <para>The &a.pf; is a good place to ask questions about
	configuring and running the <application>pf</application>
	firewall.  Do not forget to check the mailing list archives
	before asking questions.</para>
    </sect2>
  </sect1>

Return to bug 92113

Lines 1-7 Link Here

(-)/usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml (-11 / +47 lines)
1	<!--	1	<!--
2	The FreeBSD Documentation Project	2	The FreeBSD Documentation Project
3		3
4	$FreeBSD: /repoman/r/dcvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $	4	$FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $
5	-->	5	-->
6		6
7	<chapter id="firewalls">	7	<chapter id="firewalls">
Lines 256-271 Link Here
256	<para>More info can be found at the PF for &os; web site: <ulink	256	<para>More info can be found at the PF for &os; web site: <ulink
257	url="http://pf4freebsd.love2party.net/"></ulink>.</para>	257	url="http://pf4freebsd.love2party.net/"></ulink>.</para>
258		258
259	<para>The OpenBSD PF user's guide is here: <ulink
260	url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
261
262	<warning>
263	<para>PF in &os; 5.X is at the level of OpenBSD version 3.5. The
264	port from the &os; Ports Collection is at the level of OpenBSD
265	version 3.4. Keep that in mind when browsing the user's
266	guide.</para>
267	</warning>
268
269	<sect2>	259	<sect2>
270	<title>Enabling PF</title>	260	<title>Enabling PF</title>
271		261
Lines 283-288 Link Here
283	was defined during the build, it also requires <literal>options	273	was defined during the build, it also requires <literal>options
284	INET6</literal>.</para>	274	INET6</literal>.</para>
285	</note>	275	</note>
		276
		277	<para>Once the kernel module is loaded or the kernel is statically
		278	built with PF support, it is possible to enable or disable
		279	<application>pf</application> with <command>pfctl</command>
		280	command.</para>
		281
		282	<para>This example demonstrates how to enable the
		283	<application>pf</application>:</para>
		284
		285	<screen>&prompt.root; <userinput>pfctl -e</userinput></screen>
		286
		287	<para>The <command>pfctl</command> command provides a way to work
		288	with the <application>pf</application> firewall. It is a good
		289	idea to check the &man.pfctl.8; manual page to find out more
		290	information about using it.</para>
286	</sect2>	291	</sect2>
287		292
288	<sect2>	293	<sect2>
Lines 413-418 Link Here
413	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.	418	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
414	This option is required on <acronym>SMP</acronym>	419	This option is required on <acronym>SMP</acronym>
415	systems.</para>	420	systems.</para>
		421	</sect2>
		422
		423	<sect2>
		424	<title>Creating Filtering Rules</title>
		425
		426	<para>The Packet Filter reads it's configuration rules from the
		427	&man.pf.conf.5; file and it modifies, drops or passes packets
		428	according to the rules or definitions specified there. The &os;
		429	installation comes with a default
		430	<filename>/etc/pf.conf</filename> which contains useful examples
		431	and explanations.</para>
		432
		433	<para>Although &os; has it's own <filename>/etc/pf.conf</filename>
		434	the syntax is the same as one used in OpenBSD. A great
		435	resource for configuring the <application>pf</application>
		436	firewall has been written by OpenBSD team and is available at
		437	<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
		438
		439	<warning>
		440	<para>The <application>pf</application> firewall in &os; 5.X is
		441	at the level of OpenBSD version 3.5 and in &os; 6.X is at the
		442	level of OpenBSD version 3.7. The port from the &os; Ports
		443	Collection is at the level of OpenBSD version 3.4. Please,
		444	keep that in mind when browsing the
		445	<application>pf</application> user's guide.</para>
		446	</warning>
		447
		448	<para>The &a.pf; is a good place to ask questions about
		449	configuring and running the <application>pf</application>
		450	firewall. Do not forget to check the mailing list archives
		451	before asking questions.</para>
416	</sect2>	452	</sect2>
417	</sect1>	453	</sect1>