Subject: Re: IPFilter
To: Florian Stoehr <netbsd@wolfnode.de>
From: Kevin Jordan <krjordan@348north.com>
List: port-cobalt
Date: 07/17/2005 19:27:09
On 7/17/05 6:45 PM, "Florian Stoehr" <netbsd@wolfnode.de> wrote:

> On Sun, 17 Jul 2005, Kevin Jordan wrote:
> 
>> Does anyone have a link to (or just the knowledge of) the step-by-step
>> process for creating a kernel that will run IPFilter?  I think it has to do
>> with adding 'options GATEWAY' at least.
>> 
>> Thanks!
>> 
>> KJ
>> 
>> 
>> 

Thanks for the email!

> 
> At least if you need several interfaces.
> 
> Maybe you want
> 
> options IPFILTER_LOG  (logging support via ipmon)
> options IPFILTER_DEFAULT_BLOCK (block everything by default)

Where do these go?  The rest make sense.

> 
> To create an initial /etc/ipf.conf, you might want to use
> 
> cd /usr/share/examples/ipf
> perl mkfilters > /etc/ipf.conf
> 
> Then edit /etc/ipf.conf
> 
> Now place
> 
> ipfilter=YES
> 
> in /etc/rc.conf
> 
> and run /etc/rc.d/ipfilter start
> 
> to enable it.
> 
> You can view the current incoming and outgoing ruleset by
> 
> ipfstat -i -o
> 
> 
> -Florian

KJ
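
Added example, not part of the original messages: the `options` lines belong in the kernel configuration file the kernel is built from, and this script reports which of the settings named in the thread are missing or commented out. The sample file contents and temporary file names are constructed for illustration; point `missing_settings` at your own kernel config and /etc/rc.conf.

```shell
#!/bin/sh
# Added example, not from the thread: report which settings named in the
# thread are missing from a kernel config file and an rc.conf.

# has_option FILE NAME: true if an uncommented "options NAME" line exists.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # a commented-out option does not count
        $1 == "options" {
            for (i = 2; i <= NF; i++) {         # allow "options A, B" and NAME=value
                name = $i; sub(/[=,].*/, "", name)
                if (name == want) found = 1
            }
        }
        END { exit !found }' "$1"
}

# rc_enabled FILE VAR: true if the last assignment of VAR is YES.
rc_enabled() {
    awk -F= -v var="$2" '
        { sub(/#.*/, "") }
        $1 == var { val = $2 }                  # later assignments override earlier ones
        END { gsub(/[ \t"]/, "", val); exit (toupper(val) == "YES") ? 0 : 1 }' "$1"
}

# missing_settings KERNCONF RCCONF: print one line per missing setting.
missing_settings() {
    # GATEWAY matters when the box forwards between several interfaces.
    for opt in GATEWAY IPFILTER_LOG IPFILTER_DEFAULT_BLOCK; do
        has_option "$1" "$opt" || echo "options $opt"
    done
    rc_enabled "$2" ipfilter || echo "ipfilter=YES"
    return 0
}

# Constructed sample inputs (hypothetical file names), so this runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/KERNCONF" <<'EOF'
options   GATEWAY                 # forward packets between interfaces
#options  IPFILTER_LOG            # commented out, so not compiled in
options   IPFILTER_DEFAULT_BLOCK
EOF
cat > "$tmp/rc.conf" <<'EOF'
ipfilter=NO
ipfilter=YES    # this later line wins
EOF

missing_settings "$tmp/KERNCONF" "$tmp/rc.conf"
```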