matthew sporleder wrote:
> On 6/26/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> 
>> On Mon, 26 Jun 2006 21:02:23 -0400, "George Georgalis" <george@galis.org>
>> wrote:
>>
>> > This doesn't make sence to me...
>> > isn't pf configured in generic?
>> >
>> >  root@dev:/root # pfctl -e
>> > pfctl: /dev/pf: Device not configured
>> >  root@dev:/root # uname -a
>> > NetBSD dev 3.0 NetBSD 3.0 (GENERIC) #0: Mon Dec 19 01:04:02 UTC 
>> 2005  
>> builds@works.netbsd.org:/home/builds/ab/netbsd-3-0-RELEASE/i386/200512182024Z-obj/home/builds/ab/netbsd-3-0-RELEASE/src/sys/arch/i386/compile/GENERIC 
>> i386
>> >
>> > What else do I need to do?
>>
>> Add
>>
>>         pseudo-device  pf                      # PF packet filter
>>
>> and probably
>>
>>         pseudo-device  pflog                   # PF log if
>>
>> to your kernel config file.
>>
>>
>>                 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>>
> 
> Alternatively, add:
> pf.o - - - - -
> to lkm.conf,
> pf=YES
> in rc.conf,
> and
> net.inet.ip.forwarding=1
> in sysctl.conf.
> 
> Then reboot, and you're on your way.  I don't seem to have to use
> BEFORENET in my lkm.conf.  <shrug>
> 
> Just follow the instruction here:
> http://www.netbsd.org/Documentation/network/pf.html
> 

You forgot "lkm=YES" in rc.conf too :-) Or at least I needed to do that.