From danger@rulez.sk  Sat Jan 21 21:43:24 2006
Return-Path: <danger@rulez.sk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6FF9916A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 21 Jan 2006 21:43:24 +0000 (GMT)
	(envelope-from danger@rulez.sk)
Received: from mail.rulez.sk (DaEmoN.RuLeZ.sK [84.16.32.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E5FE043D45
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 21 Jan 2006 21:43:23 +0000 (GMT)
	(envelope-from danger@rulez.sk)
Received: from localhost (localhost [127.0.0.1])
	by mail.rulez.sk (Postfix) with ESMTP id 6DA7A1CC6E
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 21 Jan 2006 22:43:22 +0100 (CET)
Received: by mail.rulez.sk (Postfix, from userid 125)
	id 6CF3A1CDD8; Sat, 21 Jan 2006 22:51:40 +0100 (CET)
Received: by mail.rulez.sk (Postfix, from userid 1001)
	id 8875F1CD7C; Sat, 21 Jan 2006 22:34:53 +0100 (CET)
Message-Id: <20060121213453.8875F1CD7C@mail.rulez.sk>
Date: Sat, 21 Jan 2006 22:34:53 +0100 (CET)
From: Daniel Gerzo <danger@rulez.sk>
Reply-To: Daniel Gerzo <danger@rulez.sk>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] a little addition to the firewalls-pf section of the handbook
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         92113
>Category:       docs
>Synopsis:       [PATCH] a little addition to the firewalls-pf section of the handbook
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    brd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 21 21:50:02 GMT 2006
>Closed-Date:    Sun Jan 22 22:27:40 GMT 2006
>Last-Modified:  Sun Jan 22 22:27:40 GMT 2006
>Originator:     Daniel Gerzo
>Release:        FreeBSD 6 i386
>Organization:
rulez.sk
>Environment:
System: FreeBSD daemon.rulez.sk 6 #0: Sat Jan 21 10:38:47 CET 2006 danger@daemon.rulez.sk:/usr/obj/usr/src/sys/daemon i386
>Description:
I've written a little addition for the handbook - the section about
firewalls, namely the pf section.

This diff has already been reviewed a bit by brd@ (thanks for help :))
and the built version is available at
http://www.sk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf-new.html
>How-To-Repeat:
check the handbook
>Fix:

--- pf.diff begins here ---
--- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig	Thu Jan  5 20:03:37 2006
+++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml	Sat Jan 21 21:14:58 2006
@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: /repoman/r/dcvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $
+     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.63 2006/01/05 20:03:37 delphij Exp $
 -->
 
 <chapter id="firewalls">
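Review bot: The $FreeBSD$ line in the file header should not be part of this patch. The only difference is the repository path prefix (/repoman/r/dcvs/doc/... versus doc/...) at the same revision 1.63, so it is a keyword-expansion difference from the submitter's checkout, not a documentation change. Drop this hunk and leave the keyword line as it is in the repository.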
@@ -256,16 +256,6 @@
     <para>More info can be found at the PF for &os; web site: <ulink
 	url="http://pf4freebsd.love2party.net/"></ulink>.</para>
 
-    <para>The OpenBSD PF user's guide is here: <ulink
-	url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
-
-    <warning>
-      <para>PF in &os; 5.X is at the level of OpenBSD version 3.5.  The
-	port from the &os; Ports Collection is at the level of OpenBSD
-	version 3.4.  Keep that in mind when browsing the user's
-	guide.</para>
-    </warning>
-
     <sect2>
       <title>Enabling PF</title>
 
@@ -283,6 +273,21 @@
 	  was defined during the build, it also requires <literal>options
 	    INET6</literal>.</para>
       </note>
+
+      <para>Once the kernel module is loaded or the kernel is statically
+	built with PF support, it is possible to enable or disable
+	<application>pf</application> with <command>pfctl</command>
+	command.</para>
+
+      <para>This example demonstrates how to enable the
+	<application>pf</application>:</para>
+
+      <screen>&prompt.root; <userinput>pfctl -e</userinput></screen>
+
+      <para>The <command>pfctl</command> command provides a way to work
+	with the <application>pf</application> firewall. It is a good
+	idea to check the &man.pfctl.8; manual page to find out more
+	information about using it.</para>
     </sect2>
 
     <sect2>
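Review bot: The first added paragraph says pf can be enabled or disabled with pfctl, but the only example is pfctl -e; add the matching pfctl -d example or drop "or disable". The text also does not say which rules are in effect once pf is enabled, so a pointer to loading a ruleset with pfctl -f /etc/pf.conf would help the reader here. Wording: "with <command>pfctl</command> command" needs "the" before the tag, and "how to enable the <application>pf</application>" reads better without "the".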
@@ -413,6 +418,37 @@
 	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
 	This option is required on <acronym>SMP</acronym>
 	systems.</para>
+    </sect2>
+
+    <sect2>
+      <title>Creating Filtering Rules</title>
+
+      <para>The Packet Filter reads it's configuration rules from the
+	&man.pf.conf.5; file and it modifies, drops or passes packets
+	according to the rules or definitions specified there.  The &os;
+	installation comes with a default
+	<filename>/etc/pf.conf</filename> which contains useful examples
+	and explanations.</para>
+
+      <para>Although &os; has it's own <filename>/etc/pf.conf</filename>
+	the syntax is the same as one used in OpenBSD.  A great
+	resource for configuring the <application>pf</application>
+	firewall has been written by OpenBSD team and is available at
+	<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
+
+      <warning>
+	<para>The <application>pf</application> firewall in &os; 5.X is
+	  at the level of OpenBSD version 3.5 and in &os; 6.X is at the
+	  level of OpenBSD version 3.7.  The port from the &os; Ports
+	  Collection is at the level of OpenBSD version 3.4.  Please,
+	  keep that in mind when browsing the
+	  <application>pf</application> user's guide.</para>
+      </warning>
+
+      <para>The &a.pf; is a good place to ask questions about
+	configuring and running the <application>pf</application>
+	firewall.  Do not forget to check the mailing list archives
+	before asking questions.</para>
     </sect2>
   </sect1>
 
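Review bot: The second added paragraph says the syntax is the same as the one used in OpenBSD, while the warning directly below it says &os; 5.X, &os; 6.X and the port are at the level of OpenBSD 3.5, 3.7 and 3.4; qualify the sentence (for example "the same as in the corresponding OpenBSD release") so the two statements do not contradict each other for readers of the current OpenBSD guide. Also, "it's" should be "its" in "reads it's configuration rules" and "has it's own", "written by OpenBSD team" needs "the", and "Please, keep that in mind" should lose the comma.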
--- pf.diff ends here ---
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->brd 
Responsible-Changed-By: brd 
Responsible-Changed-When: Sun Jan 22 16:59:24 UTC 2006 
Responsible-Changed-Why:  
grab.. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=92113 
State-Changed-From-To: open->closed 
State-Changed-By: brd 
State-Changed-When: Sun Jan 22 22:25:38 UTC 2006 
State-Changed-Why:  
committed! Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=92113 
>Unformatted:
