Gavin,

I have never had to do anything like this and nevertheless I have /dev/pf
I have pf compiled into the kernel, so I wouldn't blame it on "must be module" either. Could you send me, please, the following files, I would really like to understand the problem

- KERNEL config
- /etc/make.conf
- /etc/rc.conf
- /etc/fstab
- /boot/loader.conf

Thanks

Sincerely,
Vadym Chepkov

----- Original Message ----- From: "Gavin Spomer" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, January 29, 2008 12:23 PM
Subject: Re: How does /dev/pf get created?


David DeSimone <[EMAIL PROTECTED]> 01/28/08 3:50 PM >>>
Gavin Spomer <[EMAIL PROTECTED]> wrote:

Although it was new to me, a couple of quick glances at man pages and
experiments produced a /dev/pf for me.
Can you tell us what it was that you changed?  Someone else may need to
know, someday.


You're absolutely right. I guess I forgot my obligation in my excitement to go home yesterday. ;)

  Here's what I did:
     1. cp /etc/defaults/devfs.rules /etc/
     2. chmod u+w /etc/devfs.rules
3. vi /etc/devfs.rules: Added "add path pf unhide" to the [devfsrules_unhide_basic=2] ruleset
     4. vi /etc/devfs.conf: Added "own pf root:wheel" and "perm pf 0660". *
     5. shutdown -r now

* I don't know if my permissions/ownerships for /dev/pf are correct, but I looked at other devices and made a guess.
    Anyone know what they're supposed to be?

Just noticed I don't have pflog or pfsync devices either, so I guess I'll create those too.


One thing I really dig so far about pf versus the firewall I use on my
SuSE machines (iptables), is that I don't have to reboot for changes
to take effect.  Way happy about that!  :)
It has been a while since I worked with iptables, but I have NEVER had
to reboot in order to make changes to it.  That is just bizarre!


I never took the time to actually write my own iptables rules, but SuSE has a built in mechanism that simplified it: SuSEfirewall2. Basically you just have a fairly simple config file to edit and SuSEconfig writes the rules for you. In the O-Reilly book Linux Server Security (2nd Edition), it says "... all you do is edit the file /etc/sysconfig/SUSEfirewall2 (in earlier versions of SUSE, /etc/rc.conf.d/firewall2.rc.config), run SUSEconfig, and reboot". So I've been doing it that way ever since. But after a quick Googling, it seems that maybe I don't have to reboot and can just run "/sbin/rcSuSEfirewall2 restart". Just an example of one of the times I wasn't very thorough in investigating something. ;)

  - Gavin
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to