On Sun, 17 Jul 2005, Kevin Jordan wrote:

> Does anyone have a link to (or just the knowledge of) the step-by-step
> process for creating a kernel that will run IPFilter?  I think it has to do
> with adding 'options GATEWAY' at least.
>
> Thanks!
>
> KJ
>
>
>

At least if you need several interfaces.

Maybe you want

options IPFILTER_LOG  (loggin support via ipmon)
options IPFILTER_DEFAULT_BLOCK (block everything by default)

To create an initial /etc/ipf.conf, you might want to use

cd /usr/share/examples/ipf
perl mkfilters > /etc/ipf.conf

Then edit /etc/ipf.conf

Now place

ipfilter=YES

in /etc/rc.conf

and run /etc/rc.d/ipfilter start

to enable it.

You can view the current incoming and outgoing ruleset by

ipfstat -i -o


-Florian