Subject: Re: pf not enabled in generic?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: matthew sporleder <msporleder@gmail.com>
List: netbsd-users
Date: 06/26/2006 22:41:48

On 6/26/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> On Mon, 26 Jun 2006 21:02:23 -0400, "George Georgalis" <george@galis.org>
> wrote:
>
> > This doesn't make sense to me...
> > isn't pf configured in generic?
> >
> >  root@dev:/root # pfctl -e
> > pfctl: /dev/pf: Device not configured
> >  root@dev:/root # uname -a
> > NetBSD dev 3.0 NetBSD 3.0 (GENERIC) #0: Mon Dec 19 01:04:02 UTC 2005  builds@works.netbsd.org:/home/builds/ab/netbsd-3-0-RELEASE/i386/200512182024Z-obj/home/builds/ab/netbsd-3-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386
> >
> > What else do I need to do?
>
> Add
>
>         pseudo-device  pf                      # PF packet filter
>
> and probably
>
>         pseudo-device  pflog                   # PF log if
>
> to your kernel config file.
>
>
>                 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>

Alternatively, add:

        pf.o - - - - -

to lkm.conf,

        pf=YES

in rc.conf, and

        net.inet.ip.forwarding=1

in sysctl.conf.

Then reboot, and you're on your way.  I don't seem to have to use
BEFORENET in my lkm.conf.  <shrug>

Just follow the instructions here:
http://www.netbsd.org/Documentation/network/pf.html
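
A check for the three settings listed in the message above, added here as an example and not part of the original post. It assumes the files live under /etc; the function names and the ROOT argument are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report which of the lkm.conf / rc.conf / sysctl.conf
# settings from the message are absent or commented out.
# Assumption: the files are under ROOT/etc (ROOT empty = the live system).

# has_setting FILE REGEX: true if an uncommented line in FILE matches REGEX.
has_setting() {
    [ -r "$1" ] || return 1
    # Strip comments and trailing whitespace so "#pf=YES" does not count.
    sed -e 's/#.*$//' -e 's/[[:space:]]*$//' "$1" | grep -Eq "$2"
}

# pf_lkm_missing ROOT: print one line per missing setting.
# The exit status is the number of missing settings (0 = all present).
pf_lkm_missing() {
    root=${1:-}
    missing=0
    if ! has_setting "$root/etc/lkm.conf" '^[[:space:]]*pf\.o([[:space:]]|$)'; then
        echo "lkm.conf: no active pf.o entry"
        missing=$((missing + 1))
    fi
    if ! has_setting "$root/etc/rc.conf" '^[[:space:]]*pf="?[Yy][Ee][Ss]"?$'; then
        echo "rc.conf: pf=YES not set"
        missing=$((missing + 1))
    fi
    if ! has_setting "$root/etc/sysctl.conf" \
        '^[[:space:]]*net\.inet\.ip\.forwarding[[:space:]]*=[[:space:]]*1$'; then
        echo "sysctl.conf: net.inet.ip.forwarding=1 not set"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample tree: pf=YES is commented out, so one item is reported.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf 'pf.o - - - - -\n' > "$demo/etc/lkm.conf"
printf '#pf=YES\n' > "$demo/etc/rc.conf"
printf 'net.inet.ip.forwarding=1\n' > "$demo/etc/sysctl.conf"
pf_lkm_missing "$demo" || echo "missing settings: $?"
rm -rf "$demo"
```
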