[HCS-D] office hours notes
krstic at fas.harvard.edu
Tue Dec 7 01:02:12 EST 2004
Matt Gline wrote:
> 1) pf was installed on HCS by Mike Hamburg. This involved recompiling
> the kernel, which was done, and HCS was rebooted. At a glance it
> did not appear that the firewall was running after the reboot; we're
> investigating to see if this is the case or not.
Pf didn't load because of what appear to be ordering problems in KLD
loading. Pf was properly integrated into -CURRENT, but a backport exists
into 5.2.1 which provides KLDs to do the filtering; during bootup, when
the system tried to load pf.ko, it detected an unmet KLD dependency
(pflog and pfsync) and aborted.
I've now loaded these three KLDs, meaning pf is resident but inactive,
as it hasn't been handed a ruleset. Loading a ruleset should probably be
done by someone physically in the room to ensure that the system doesn't
cut itself off the network.