The OpenBSD Packet Filter
0 views
Skip to first unread message
elsiddik
Dec 22, 2007, 3:32:05 PM12/22/07
to unix
To activate PF and have it read its configuration file at boot, add
the line
pf=YES
to the file /etc/rc.conf.local.
Reboot your system to have it take effect.
You can also activate and deactivate PF by using the pfctl(8) program:
# pfctl -e
# pfctl -d
to enable and disable, respectively. Note that this just enables or
disables PF, it doesn't actually load a ruleset. The ruleset must be
loaded separately, either before or after PF is enabled.
Configuration
PF reads its configuration rules from /etc/pf.conf at boot time, as
loaded by the rc scripts. Note that while /etc/pf.conf is the default
and is loaded by the system rc scripts, it is just a text file loaded
and interpreted by pfctl(8) and inserted into pf(4). For some
applications, other rulesets may be loaded from other files after
boot. As with any well designed Unix application, PF offers great
flexibility.
The pf.conf file has seven parts:
* Macros: User-defined variables that can hold IP addresses,
interface names, etc.
* Tables: A structure used to hold lists of IP addresses.
* Options: Various options to control how PF works.
* Scrub: Reprocessing packets to normalize and defragment them.
* Queueing: Provides bandwidth control and packet prioritization.
* Translation: Controls Network Address Translation and packet
redirection.
* Filter Rules: Allows the selective filtering or blocking of
packets as they pass through any of the interfaces.
With the exception of macros and tables, each section should appear in
this order in the configuration file, though not all sections have to
exist for any particular application.
Blank lines are ignored, and lines beginning with # are treated as
comments.
Read full article >> http://www.openbsd.org/faq/pf/config.html
zaher el siddik
http://www.unixshells.nl/
http://elsiddik.blogspot.com/
the line
pf=YES
to the file /etc/rc.conf.local.
Reboot your system to have it take effect.
You can also activate and deactivate PF by using the pfctl(8) program:
# pfctl -e
# pfctl -d
to enable and disable, respectively. Note that this just enables or
disables PF, it doesn't actually load a ruleset. The ruleset must be
loaded separately, either before or after PF is enabled.
Configuration
PF reads its configuration rules from /etc/pf.conf at boot time, as
loaded by the rc scripts. Note that while /etc/pf.conf is the default
and is loaded by the system rc scripts, it is just a text file loaded
and interpreted by pfctl(8) and inserted into pf(4). For some
applications, other rulesets may be loaded from other files after
boot. As with any well designed Unix application, PF offers great
flexibility.
The pf.conf file has seven parts:
* Macros: User-defined variables that can hold IP addresses,
interface names, etc.
* Tables: A structure used to hold lists of IP addresses.
* Options: Various options to control how PF works.
* Scrub: Reprocessing packets to normalize and defragment them.
* Queueing: Provides bandwidth control and packet prioritization.
* Translation: Controls Network Address Translation and packet
redirection.
* Filter Rules: Allows the selective filtering or blocking of
packets as they pass through any of the interfaces.
With the exception of macros and tables, each section should appear in
this order in the configuration file, though not all sections have to
exist for any particular application.
Blank lines are ignored, and lines beginning with # are treated as
comments.
Read full article >> http://www.openbsd.org/faq/pf/config.html
zaher el siddik
http://www.unixshells.nl/
http://elsiddik.blogspot.com/
Reply all
Reply to author
Forward
0 new messages