
pf (packet filter) の有効化

カーネルの再構築

以下の手順で ALTQ を有効化する。(ALTQ はカーネルに組み込む必要があるため、GENERIC カーネルのみでの運用は断念した)

  1. GENERIC から GENERIC_ALTQ をコピー作成する
    # cd /usr/src/sys/amd64/conf/
    # cp -Rp GENERIC GENERIC_ALTQ
  2. GENERIC_ALTQ にパッチ (GENERIC.patch) を当てる
    # patch GENERIC_ALTQ < GENERIC.patch
  3. カーネルを再構築・インストールする
    # config GENERIC_ALTQ
    # cd ../../compile/GENERIC_ALTQ
    # make depend
    # make && make install

 

GENERIC.patch
 --- GENERIC     2010-01-18 09:53:21.000000000 +0900
 +++ GENERIC_ALTQ        2010-03-28 22:54:24.000000000 +0900
 @@ -19,7 +19,7 @@
  # $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.531.2.8 2010/01/18 00:53:21 imp Exp $
 
  cpu            HAMMER
 -ident          GENERIC
 +ident          GENERIC_ALTQ
 
  # To statically compile in device wiring instead of /boot/device.hints
  #hints         "GENERIC.hints"         # Default places to look for devices.
 @@ -30,7 +30,7 @@
  #
  # env          "GENERIC.env"
 
 -makeoptions    DEBUG=-g                # Build kernel with gdb(1) debug symbols
 +##makeoptions  DEBUG=-g                # Build kernel with gdb(1) debug symbols
 
  options        SCHED_ULE               # ULE scheduler
  options        PREEMPTION              # Enable kernel thread preemption
 @@ -80,6 +80,21 @@
  # Make an SMP-capable kernel by default
  options        SMP                     # Symmetric MultiProcessor Kernel
 
 +#####
 +# Enabling ALTQ (for Packet Filter(PF))
 +# Sat Mar 20 11:38:18 JST 2010
 +options                ALTQ            # Enable ALTQ.
 +options                ALTQ_CBQ        # Build the ``Class Based Queuing'' discipline.
 +options                ALTQ_RED        # Build the ``Random Early Detection'' extension.
 +options                ALTQ_RIO        # Build ``Random Early Drop'' for input and output.
 +options                ALTQ_HFSC       # Build the ``Hierarchical Packet Scheduler'' discipline.
 +options                ALTQ_CDNR       # Build the traffic conditioner.  This option is meaningless at
 +                               # the moment as the conditioner is not used by any of the
 +                               # available disciplines or consumers.
 +options                ALTQ_PRIQ       # Build the ``Priority Queuing'' discipline.
 +options                ALTQ_NOPCC      # Required if the TSC is unusable.
 +#####
 +
  # CPU frequency control
  device         cpufreq
 
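Review bot: `options ALTQ_CDNR` is enabled even though its own comment on the three lines that follow says the option is meaningless because no discipline or consumer uses the conditioner; either drop the line or replace the comment with the reason it is kept, e.g. `options ALTQ_CDNR # kept for parity with NOTES; currently unused`. `options ALTQ_NOPCC` is justified only by "Required if the TSC is unusable", while the reason it applies to this build is presumably the `options SMP` a few lines above (as far as I recall the handbook's ALTQ section recommends NOPCC for SMP kernels); saying so in the comment makes the choice reviewable, e.g. `options ALTQ_NOPCC # SMP kernel: avoid the per-CPU cycle counter`. The dated "Sat Mar 20" marker is fine as a change record but does not replace these why-comments.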
 @@ -274,6 +289,14 @@
  device         faith           # IPv6-to-IPv4 relaying (translation)
  device         firmware        # firmware assist module
 
 +#####
 +# Enabling Packet Filter(PF)
 +# Sun Mar 28 22:19:10 JST 2010
 +device         pf              # Packet filter
 +device         pflog           # Packet filter logging
 +device         pfsync          # Packet filter state table logging
 +#####
 +
  # The `bpf' device enables the Berkeley Packet Filter.
  # Be aware of the administrative consequences of enabling this!
  # Note that 'bpf' is required for DHCP.
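Review bot: `device pfsync` is compiled in without a stated need; pfsync exchanges state-table updates between firewalls with no authentication of its own, so it is only appropriate in a failover (CARP) pair on a dedicated sync interface, and the rc.conf section later on this page enables pf and pflog but nothing for pfsync. If there is no second firewall, dropping the line keeps the kernel to what is actually used; if there is, record the peer and interface in the comment, e.g. `device pfsync # state sync with <PEER-PLACEHOLDER> over <SYNC-IF-PLACEHOLDER> only`. `device pf` and `device pflog` are consistent with the rc.conf entries that follow.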

 

/etc/rc.conf の追記

/etc/rc.conf に packet filter の記述を追加。

# vi /etc/rc.conf
 
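# /etc/rc.conf additions for pf(4) and pflogd(8).
# Only the variables that differ from /etc/defaults/rc.conf are listed;
# each one appears exactly once (the original listing repeated the last
# four lines).
pf_enable="YES"                 # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"         # rules definition file for pf
                                # NOTE(review): rc.d/pf loads this file at
                                # boot; if it is missing or fails to parse,
                                # pf may come up without the intended rules
                                # -- confirm after boot with `pfctl -sr`.
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""                  # additional flags for pflogd startup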