Changeset ccd0ebc9 in rtems-libbsd


Timestamp:
Jul 12, 2016, 11:41:39 AM (4 years ago)
Author:
Christian Mauderer <Christian.Mauderer@…>
Branches:
4.11
Children:
09ab431
Parents:
c3a8e6b
git-author:
Christian Mauderer <Christian.Mauderer@…> (07/12/16 11:41:39)
git-committer:
Sebastian Huber <sebastian.huber@…> (08/03/16 12:13:19)
Message:

libbsd.txt: Add section describing PF.

File:
1 edited

  • libbsd.txt

    rc3a8e6b rccd0ebc9  
    11341134mask IFCAP_TXCSUM and IFCAP_RXCSUM set.
    11351135
     1136== PF (Firewall) ==
     1137
     1138It is possible to use PF as a firewall. See
     1139[https://www.freebsd.org/doc/handbook/firewalls-pf.html] for details on the
     1140range of functions and for how to configure the firewall.
     1141
     1142The following is necessary to use PF on RTEMS:
     1143
     1144- You have to provide a +/etc/pf.os+ file. The firewall can use it for passive
     1145  OS fingerprinting. If you don't want to use this feature, the file may contain
     1146  nothing except a line of comment (for example "# empty").
     1147
     1148- If some filters use protocol names (like tcp or udp) you have to provide a
     1149  +/etc/protocols+ file.
     1150
     1151- If some filters use service names (like ssh or http) you have to provide a
     1152  +/etc/services+ file.
     1153
     1154- Create a rule file (normally +/etc/pf.conf+). See the FreeBSD manual for the
     1155  syntax.
     1156
     1157- Load the rule file using the pfctl command and enable pf. An example
     1158  initialisation can look like follows:
     1159
     1160----
     1161        int exit_code;
     1162        char *params[] = {
     1163                "pfctl",
     1164                "-f",
     1165                "/etc/pf.conf",
     1166                "-e",
     1167                NULL
     1168        };
     1169
     1170        exit_code = rtems_bsd_command_pfctl(ARGC(params), params);
     1171        assert(exit_code == EXIT_SUCCSESS);
     1172----
     1173
     1174=== Known restrictions ===
     1175
     1176- Currently PF on RTEMS always uses the configuration for memory restricted
     1177  systems (on FreeBSD that means systems with less than 100 MB RAM). This is
     1178  fixed in +pfctl_init_options()+.
     1179
    11361180== Problems to report to FreeBSD ==
    11371181
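Review bot: the last line of the example, `assert(exit_code == EXIT_SUCCSESS);`, misspells `EXIT_SUCCESS`, so the documented snippet does not compile as written; please correct the constant. The example also relies on `assert()` alone to detect a failed `pfctl -f /etc/pf.conf -e`. With `NDEBUG` defined that check is compiled out and the application would continue without the rule file loaded or PF enabled, so an explicit check of `exit_code` with an error path would be a safer pattern to document for a firewall. `ARGC(params)` is used without any indication in the added lines of where the macro is defined; a definition or a pointer to it would make the snippet self-contained. In "Known restrictions", "This is fixed in +pfctl_init_options()+" can be read as "has been repaired"; "hard-coded in" would be unambiguous.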