The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
Installing IP Filter 3.3.4 4 December 1999
Need more help on this topic? Click here
This article has no comments
Show me similar articles
IP Filter 3.3.4 was released today.  This article merely documents that fact and describes how I installed it under FreeBSD 3.3-release.  These instructions should work for all subsequent versions of IP Filter.  If they do not, please add your comments.

NOTE: version 3.3.4 is no longer available.  At the time of writing, I was on 3.4.1.

See Installing IP Filter 3.4.1 for instructions on how to install ipf under FreeBSD 4.0-stable.

Instructions for disabling ipfw/natd are also available here.
Getting IP Filter
NOTE: IP Filter version 3.3.3 has been added to 3.3-stable I believe.   It's in the ports under /src/contrib I think.  I've tried the port and it fails.  Feel free to give it a go.  You may have to update your ports in order to get the correct version.  If it fails for you, try the steps in this article. 

Remember, I have the entire ports tree installed.  If you use the port, you may be able to skip to Configuration.   Please note that I have not installed IP Filter from the ports, so I'm not sure the following notes will work or not.

The main webpage for IP Filter is http://coombs.anu.edu.au/~avalon/.   And one of the best how-to guides for IP Filter is at http://www.obfuscation.org/ipf/.

I obtained the tar ball from ftp://coombs.anu.edu.au/pub/net/ip-filter/.   I issued the following commands:

cd /usr/ports/net
fetch ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil3.3.4.tar.gz
tar xvfz ip_fil3.3.4.tar.gz

NOTE: version 3.3.4 is no longer available.  At the time of writing, I was on 3.3.6.
Installing
To use ipf, you first compile ipf, and then create a new kernel which includes the ipf options.  In addition, I always use ipnat in conjunction with ipf.  In order for ipnat to work, you must include the kernel options for ipnat.  Be sure to do this before you recompile the kernel to include ipf.

To compile ipf 3.3.4, follow the instructions included with the tarball.   Here's what they look like:

# cd /usr/ports/net/ip_fil3.3.4/
# more FreeBSD-3/INST.FreeBSD-3
To build a kernel with the IP filter, follow these steps:

       1. do "make freebsd3"

       2. do "make install-bsd"
          (probably has to be done as root)

       3. run "FreeBSD-3/kinstall" as root

       4. build a new kernel

       5. install the new kernel

       6. If not using DEVFS, create devices for IP Filter as follows:
               mknod /dev/ipl c 79 0
               mknod /dev/ipnat c 79 1
               mknod /dev/ipstate c 79 2
               mknod /dev/ipauth c 79 3

       7. reboot

Darren Reed
darrenr@pobox.com

I did not do step 6.

Remember to add kernel support for ipnat before recompiling.

For step 4, see the Configuring the FreeBSD Kernel section in the FreeBSD handbook.   Pay special attention to the section on Building and Installing a Custom Kernel.
That's it!
I rebuilt my kernel, rebooted, and I was away with IP Filter 3.3.4.  Very smooth.

Need more help on this topic? Click here
This article has no comments
Show me similar articles
Servers and bandwidth provided by New York Internet, SuperNews, and RootBSD. Valid HTML, CSS , and RSS
Copyright © 1997-2016 Dan Langille
All rights reserved