Using pf as a Firewall
February 5th, 2010
I’ve long been a fan of FreeBSD (although I also use a Mac, Linux, and Windows machine — right tool for the job, and all that), and one of the things I like best about the various BSDs is the ease with which you can set up a stateful packet-filtering firewall. To put it simply, pf rocks.
Setting it up for the first time, though, can be a bit of a chore. If you are interested in giving pf a look, here’s how you do it on FreeBSD.
Recompile your kernel
For the sake of argument, let’s assume that we are going to be setting up a machine called “zeus” as a gateway server with a few simple services running on it. We need to compile pf support into the kernel, and then install our new kernel. First, become root and get to the kernel configuration directory:
[tcs@zeus] ~> su -
Password:
1:28PM up 60 days, 3:54, 1 user, load averages: 0.03, 0.01, 0.00
[root@zeus] ~# cd /usr/src/sys/i386/conf/
Now, copy the file GENERIC to some new file (I’m calling mine ZEUS):
[root@zeus] ~# cp GENERIC ZEUS
Edit the file ZEUS and add the following lines just below “options ADAPTIVE_GIANT”:
