Simplest Possible PF Setup on NetBSD

On NetBSD 2.0 and newer, PF is available as a loadable kernel module that can be installed via packages (security/pflkm) or compiled into a static kernel configuration. In NetBSD 3.0 onward, PF is part of the base system.

If you want to enable PF in your kernel configuration (rather than loading the kernel module), add these lines to your kernel configuration:

pseudo-device pf              # PF packet filter
pseudo-device pflog           # PF log interface

In /etc/rc.conf you need the lines

lkm="YES" # do load kernel modules
pf=YES
pflogd=YES

to enable loadable kernel modules, PF, and the PF log interface, respectively.

If you installed the module, load it with

$ sudo modload /usr/lkm/pf.o

followed by

$ sudo pfctl -e

to enable PF. ...

Get The Book of PF now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Book of PF by Peter N.M. Hansteen

Simplest Possible PF Setup on NetBSD

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly