How does /dev/pf get created?
Jeremy Chadwick
koitsu at FreeBSD.org
Fri Jan 25 08:12:15 PST 2008
On Fri, Jan 25, 2008 at 07:43:54AM -0800, Gavin Spomer wrote:
> I only have 3 lines in my /etc/make.conf: a comment and 2 lines about what perl to use.
> Is NO_PF=YES the default if not specified?
NO_PF in /etc/make.conf (RELENG_6), or WITHOUT_PF in /etc/src.conf
(RELENG_7) will simply disable building pf-related utilities in the base
system (e.g. pfctl and others).
It should not affect what features/capabilities your kernel configuration
specifies.
> In that case adding NO_PF=NO and then building may work.
No, this will not work. NO_xxx variables do not check the actual value
of the assignment; NO_PF=HEHEHE would be the same thing as NO_PF=true.
The same goes for src.conf as described above.
> I did it via the command line:
> make buildkernel KERNCONF=MACHINEHOSTNAME
> make installkernel KERNCONT=MACHINEHOSTNAME
Your installkernel line is incorrect. KERNCONT != KERNCONF.
Also, consider simply placing KERNCONF=WHATEVER in /etc/make.conf, then
you won't have to remember to specify the variable on the command-line
when building/installing kernels.
> Shouldn't having "device pf" in MACHINEHOSTNAME file and building provide /dev/pf?
Yes and no. The /dev/pf device is created on-the-fly when the pf module
is loaded by the kernel. It is not a device that's made during build
time or via any other means.
A missing /dev/pf (as claimed by your pfctl) seems to indicate you do
not have the pf module loaded into the kernel (either as a module loaded
via kldload, or built-in to the kernel via 'device pf').
On none of our production machines do we have "device pf" in our kernel
configs. Instead, we rely on the following /etc/rc.conf variable to
kldload the pf kernel module during boot:
pf_enable="yes"
If you want pflog support, you will also need the following line:
pflog_enable="yes"
Drivers being loaded can be verified by doing `kldstat' and seeing the
module(s) loaded as so:
# kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 3f5b50   kernel
 2    1 0xc07f6000 64340    acpi.ko
 4    2 0xc81b5000 2e000    pf.ko
 6    1 0xcaf50000 3000     pflog.ko
> I have such a vanilla installation of FreeBSD, it's hard for me to see where I went wrong. I seem to have all the
> components of pf except /dev/pf. I have /sbin/pfctl, /etc/pf.conf, /boot/kernel/pf.ko, /boot/kernel/pflog.ko and the
> appropriate stuff I mentioned in /etc/rc.conf and probably others as well. I just don't have /dev/pf. How does this get
> created?
It would help if you could provide:
* Output of uname -a on the machine which doesn't have /dev/pf
* Output of kldstat
* Your /etc/rc.conf
* Your /boot/loader.conf
* Your /etc/make.conf
* Your kernel configuration file
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
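
The checks this reply walks through (is pf.ko listed by kldstat, is pf_enable set in rc.conf, is NO_PF defined with any value at all), as an added shell example that is not part of the original message. The function names, the file arguments and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sample inputs at the bottom are constructed.

# True if pf.ko is listed in kldstat output on stdin. A kernel built with
# 'device pf' has pf compiled in and will not list pf.ko here.
pf_kld_listed() {
    awk '$NF == "pf.ko" { found = 1 } END { exit !found }'
}

# True if VAR is set to a yes-like value in an rc.conf-style FILE.
rc_yes() {
    val=$(sed -n "s/^$1=\"\{0,1\}\([^\"# ]*\).*/\1/p" "$2" | tail -n 1)
    case $val in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# True if make knob NAME is assigned at all in FILE. NO_* knobs are tested
# for being defined, so NO_PF=NO disables the pf userland just like YES.
knob_defined() {
    grep -Eq "^[[:space:]]*$1[[:space:]]*[?:+]?=" "$2"
}

# usage: diagnose KLDSTAT_OUTPUT_FILE RC_CONF MAKE_CONF
diagnose() {
    if pf_kld_listed < "$1"; then
        echo "pf.ko is loaded"
    elif rc_yes pf_enable "$2"; then
        echo "pf_enable is set but pf.ko is not listed"
    else
        echo "pf.ko is not loaded and pf_enable is not set"
    fi
    if knob_defined NO_PF "$3"; then
        echo "NO_PF is defined: pf userland is not built"
    fi
}

# Constructed demo: module missing, rc.conf without pf_enable, NO_PF=NO.
demo=$(mktemp -d)
printf 'Id Refs Address Size Name\n 1 6 0xc0400000 3f5b50 kernel\n' > "$demo/kldstat.txt"
printf 'hostname="example"\n' > "$demo/rc.conf"
printf 'NO_PF=NO\n' > "$demo/make.conf"
diagnose "$demo/kldstat.txt" "$demo/rc.conf" "$demo/make.conf"
rm -rf "$demo"
```

On the affected machine, save the output of kldstat to a file and pass it to diagnose together with /etc/rc.conf and /etc/make.conf.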