Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: netbsd-users
Date: 12/26/2005 12:29:28
On Mon, Dec 26, 2005 at 05:39:00PM +0100, Peter Postma wrote:
>On Mon, Dec 26, 2005 at 11:29:49AM -0500, George Georgalis wrote:
>>
>
>The GENERIC kernel does not enable pf by default. You should either load
>pf as an LKM (modload /usr/lkm/pf.o) or add pf to your kernel config and
>rebuild your kernel. On 3.0, you should not need pflkm from pkgsrc because
>it's included in base now.

okay, that module suits me fine and I can use my pf.conf file now :)

>> Have I not included an important kernel option?
>> 
>
>No, you've added too many options ;-)
>pf currently does not compile with the ALTQ options, because pf uses a
>different ALTQ. There are currently two solutions: load pf as LKM and
>compile the old ALTQ into the kernel, or apply my ALTQ patches[1] to the
>kernel.
>
>[1] http://nedbsd.nl/~ppostma/pf/altq.html

Oh excellent, that explains it. I'll try your patch when I'm at the
"get the ALTQ part working" stage.

Now I'm working out my first BSD bridge, and I seem to have a
misunderstanding of pf. In this test all traffic but DNS should
pass through:

if_dmz = fpx0
if_net = fpx1
pass in  quick on $if_dmz all
pass out quick on $if_dmz all
block on $if_net proto { tcp,udp } from any to any port 53

but the block rule doesn't seem to stop anything... :-\
What's wrong here?

// George



-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org
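[Editor's added example, not part of George's or Peter's messages.] The
ruleset above, written out with explicit directions, plus the check a
bridge needs on NetBSD. The interface names fpx0/fpx1 are the ones from
the post; the bridge name bridge0 is an assumption. Two pf facts are
worth keeping in mind when reading the original rules: rules are
evaluated separately for each interface and direction, so "quick" on
$if_dmz only ends evaluation for packets seen on $if_dmz, and a bridged
packet is evaluated again when it leaves on $if_net; and a block rule
with no "in"/"out" keyword applies to both directions. The bridge caveat
is separate from the rules: on NetBSD, bridge(4) only hands forwarded
frames to the pfil(9) hooks that pf registers on when the kernel is
built with "options BRIDGE_IPF" and the bridge has the ipf flag set
("brconfig bridge0 ipf"); otherwise bridged traffic is switched at
layer 2 and pf never sees it. Whether that is what happened in this
test is not stated on the page.

```pf
# Added example (editor's), using the interface names from the post.
if_dmz = "fpx0"
if_net = "fpx1"

# Block DNS on the outside member, in both directions.  Spelling the
# direction out makes it obvious that a bare "block on $if_net" would
# have covered both anyway.  "quick" stops evaluation on a match, so the
# pass rules below cannot override these.
block in  quick on $if_net proto { tcp, udp } from any to any port 53
block out quick on $if_net proto { tcp, udp } from any to any port 53

# Everything else passes on both members.  A packet bridged from
# $if_dmz to $if_net is matched here once on the way in (fpx0) and once
# on the way out (fpx1); the fpx0 rules never short-circuit the fpx1 ones.
pass in  quick on $if_dmz all
pass out quick on $if_dmz all
pass in  quick on $if_net all
pass out quick on $if_net all
```

Check the ruleset with "pfctl -nf /etc/pf.conf" before loading it, then
watch "pfctl -vsr" while sending a DNS query across the bridge: each
rule prints its evaluation and packet counters. If every counter stays
at zero while traffic clearly flows, pf is not in the bridge's path at
all, and the place to look is the BRIDGE_IPF kernel option and the
"ipf" flag on the bridge (bridge0 is assumed), not the rules.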