[libbsd 17/22] libbsd.txt: Move PF description

Sebastian Huber sebastian.huber at embedded-brains.de
Mon May 23 14:33:40 UTC 2022


---
 README.rst | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 libbsd.txt | 46 ----------------------------------------------
 2 files changed, 52 insertions(+), 46 deletions(-)

diff --git a/README.rst b/README.rst
index dd2963ae..257c9603 100644
--- a/README.rst
+++ b/README.rst
@@ -396,6 +396,58 @@ HOSTNAME(1)
     resolver instance.  See also ``rtems_mdns_sethostname()`` and
     ``rtems_mdns_gethostname()``.
 
+Packet Filter (PF, Firewall)
+============================
+
+It is possible to use PF as a firewall. See the
+`FreeBSD Handbook <https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-pf>`_
+for details on the range of functions and for how to configure the firewall.
+
+Configuration
+-------------
+
+The following is necessary to use PF on RTEMS:
+
+* You have to provide a ``/etc/pf.os`` file. The firewall can use it for passive
+  OS fingerprinting. If you don't want to use this feature, the file may contain
+  nothing except a line of comment (for example "# empty").
+
+* If some filters use protocol names (like ``tcp`` or ``udp``) you have to provide a
+  ``/etc/protocols`` file.
+
+* If some filters use service names (like ``http`` or ``https``) you have to provide a
+  ``/etc/services`` file.
+
+* Create a rule file (normally ``/etc/pf.conf``). See the FreeBSD manual for the
+  syntax.
+
+* Load the rule file using the
+  `pfctl <http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8>`_
+  command and enable PF. Please note that the pfctl command needs a lot of
+  stack. You should use at least RTEMS_MINIMUM_STACK_SIZE + 8192 Bytes of
+  stack. An example initialisation can look like follows:
+
+  .. code-block:: c
+
+      int exit_code;
+      char *argv[] = {
+              "pfctl",
+              "-f",
+              "/etc/pf.conf",
+              "-e",
+              NULL
+      };
+
+      exit_code = rtems_bsd_command_pfctl(ARGC(argv), argv);
+      assert(exit_code == EXIT_SUCCSESS);
+
+Known Restrictions
+------------------
+
+Currently, PF on RTEMS always uses the configuration for memory restricted
+systems (on FreeBSD that means systems with less than 100 MB RAM). This is
+fixed in ``pfctl_init_options()``.
+
 Updating RTEMS Waf Support
 ==========================
 
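Review bot: The code-block in the new "Configuration" section ends with `assert(exit_code == EXIT_SUCCSESS);`, which misspells `EXIT_SUCCESS` and will not compile if a reader copies it; the typo is carried over from libbsd.txt, so this move is the moment to fix it. The snippet also relies on an `ARGC()` macro and on `assert.h`/`stdlib.h` without saying so; one sentence before the block stating that `ARGC` is a helper the application must define (or the equivalent `sizeof(argv) / sizeof(argv[0]) - 1`) would make the example usable as written. Minor: "This is fixed in ``pfctl_init_options()``" reads as if the restriction were already resolved; "hard-coded in" states the intended meaning more clearly.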
diff --git a/libbsd.txt b/libbsd.txt
index 4b22cec8..627c1874 100644
--- a/libbsd.txt
+++ b/libbsd.txt
@@ -321,52 +321,6 @@ structure that were not being used were conditionally compiled out. The
 capability of supporting children did not appear to be needed and was
 not implemented in the rtems version of these routines.
 
-== PF (Firewall) ==
-
-It is possible to use PF as a firewall. See
-[https://www.freebsd.org/doc/handbook/firewalls-pf.html] for details on the
-range of functions and for how to configure the firewall.
-
-The following is necessary to use PF on RTEMS:
-
-- You have to provide a +/etc/pf.os+ file. The firewall can use it for passive
-  OS fingerprinting. If you don't want to use this feature, the file may contain
-  nothing except a line of comment (for example "# empty").
-
-- If some filters use protocol names (like tcp or udp) you have to provide a
-  +/etc/protocols+ file.
-
-- If some filters use service names (like ssh or http) you have to provide a
-  +/etc/services+ file.
-
-- Create a rule file (normally +/etc/pf.conf+). See the FreeBSD manual for the
-  syntax.
-
-- Load the rule file using the pfctl command and enable pf. Please note that the
-  pfctl command needs a lot of stack. You should use at least
-  RTEMS_MINIMUM_STACK_SIZE + 8192 Bytes of stack. An example initialisation can
-  look like follows:
-
-----
-	int exit_code;
-	char *params[] = {
-		"pfctl",
-		"-f",
-		"/etc/pf.conf",
-		"-e",
-		NULL
-	};
-
-	exit_code = rtems_bsd_command_pfctl(ARGC(params), params);
-	assert(exit_code == EXIT_SUCCSESS);
-----
-
-=== Known restrictions ===
-
-- Currently PF on RTEMS always uses the configuration for memory restricted
-  systems (on FreeBSD that means systems with less than 100 MB RAM). This is
-  fixed in +pfctl_init_options()+.
-
 == Wireless Network (WLAN) ==
 
 The libbsd provides a basic support for WLAN. Note that currently this support
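Review bot: The commit message says "Move", but the text is not moved verbatim: the removed block uses `params` and the service examples "ssh or http", while the README copy uses `argv` and "http or https", and the handbook link changes from the old `firewalls-pf.html` URL to the new docs.freebsd.org anchor. These are all reasonable edits, but either mention them in the commit message or keep the wording identical so the move is easy to verify. The removal itself is clean: the "== Wireless Network (WLAN) ==" section that follows is untouched and nothing else in the file referred to the PF subsection.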
-- 
2.35.3