Changeset f1941b2 in rtems-libbsd for libbsd.txt


Timestamp:
07/12/16 11:41:39 (8 years ago)
Author:
Christian Mauderer <Christian.Mauderer@…>
Branches:
5, 5-freebsd-12, 6-freebsd-12, freebsd-9.3, master
Children:
7aaa9a1
Parents:
f71cbd0
git-author:
Christian Mauderer <Christian.Mauderer@…> (07/12/16 11:41:39)
git-committer:
Christian Mauderer <Christian.Mauderer@…> (08/02/16 08:58:08)
Message:

libbsd.txt: Add section describing PF.

File:
1 edited

  • libbsd.txt

    rf71cbd0 rf1941b2  
    13271327mask IFCAP_TXCSUM and IFCAP_RXCSUM set.
    13281328
     1329== PF (Firewall) ==
     1330
     1331It is possible to use PF as a firewall. See
     1332[https://www.freebsd.org/doc/handbook/firewalls-pf.html] for details on the
     1333range of functions and for how to configure the firewall.
     1334
     1335The following is necessary to use PF on RTEMS:
     1336
     1337- You have to provide a +/etc/pf.os+ file. The firewall can use it for passive
     1338  OS fingerprinting. If you don't want to use this feature, the file may contain
     1339  nothing except a line of comment (for example "# empty").
     1340
     1341- If some filters use protocol names (like tcp or udp) you have to provide a
     1342  +/etc/protocols+ file.
     1343
     1344- If some filters use service names (like ssh or http) you have to provide a
     1345  +/etc/services+ file.
     1346
     1347- Create a rule file (normally +/etc/pf.conf+). See the FreeBSD manual for the
     1348  syntax.
     1349
     1350- Load the rule file using the pfctl command and enable pf. An example
     1351  initialisation can look like follows:
     1352
     1353----
     1354        int exit_code;
     1355        char *params[] = {
     1356                "pfctl",
     1357                "-f",
     1358                "/etc/pf.conf",
     1359                "-e",
     1360                NULL
     1361        };
     1362
     1363        exit_code = rtems_bsd_command_pfctl(ARGC(params), params);
     1364        assert(exit_code == EXIT_SUCCSESS);
     1365----
     1366
     1367=== Known restrictions ===
     1368
     1369- Currently PF on RTEMS always uses the configuration for memory restricted
     1370  systems (on FreeBSD that means systems with less than 100 MB RAM). This is
     1371  fixed in +pfctl_init_options()+.
     1372
    13291373== Problems to report to FreeBSD ==
    13301374
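Review bot: `EXIT_SUCCSESS` in the assert line of the example (new line 1364) is misspelled, so the snippet does not compile when copied; it should read `assert(exit_code == EXIT_SUCCESS);`. Because this call is what loads the rule set and enables pf, the section should also say that an application has to check exit_code explicitly instead of relying on assert(), which is compiled out when NDEBUG is defined and would let the system keep running with no filter rules loaded. Smaller points: the example uses ARGC() without saying where it is defined; "can look like follows" should be "can look as follows"; and under Known restrictions, "This is fixed in +pfctl_init_options()+" reads as though a bug was fixed there, so "hard-coded in" would say what is meant.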