[HCS-D]office hours notes

Ivan Krstic krstic at fas.harvard.edu
Tue Dec 7 01:02:12 EST 2004

Matt Gline wrote:
> 1) pf was installed on HCS by Mike Hamburg. This involved recompiling
> the kernel, which was done, and HCS was rebooted. At a glance it
> did not appear that the firewall was running after the reboot; we're
> investigating to see if this is the case or not.

Pf didn't load because of what appear to be ordering problems in KLD 
loading. Pf was properly integrated into -CURRENT, but a backport exists 
into 5.2.1 which provides KLDs to do the filtering; during bootup, when 
the system tried to load pf.ko, it detected an unmet KLD dependency
(pflog and pfsync) and aborted.

I've now loaded these three KLDs, meaning pf is resident but inactive, 
as it hasn't been handed a ruleset. Loading a ruleset should probably be 
done by someone physically in the room to ensure that the system doesn't 
cut itself off the network.


