Installing IPFilter into OpenBSD 3.0 Kernel =========================================== The installation of IPFilter should be as easy as following the steps below. In cases where "i386" is mentioned, if you are working on a different platform, substitute that name there and it should work equally as well. The patches include enabling IPFilter for IPv4 filtering, IPv6 filtering and bridge filtering. The commands given below are intended as guides rather than exact matches on what needs to be typed. In many cases, paths to files or directories may bear little resemblence to what is presented below. You may encounter difficulties with step 7 if you have made changes to the rc files which cause "patch" to not be able to work out how to apply the changes correctly. If the below steps are followed with no problems then it should be safe to perform step 8 and reboot with the new kernel. Of course if you are not using GENERIC then substitute GENERIC for your kernel name. If your kernel config file includes the "GENERIC" one then you will not need to add explicit options for IPFilter. 1. Extract your source tree into /usr/src, creating /usr/src/sys. cd /usr/src gunzip -c sys.tar.gz | tar xpf - 2. Change directory to /usr/src 3. Unpack IPFilter and apply the patches to the kernel source cd ~ gunzip -c ip_fil3.4.23.tar.gz | tar xpf - cd /usr/src patch < ~/ip_fil3.4.23/OpenBSD/3.0-sys-diffs 4. Add IPFilter to the source code tree: cd ~/ip_fil3.4.23 BSD/kupgrade 5. Build a new OpenBSD kernel /bin/rm -rf /sys/arch/i386/compile/GENERIC cd /sys/arch/i386/conf config GENERIC cd ../compile/GENERIC make depend && make cp bsd /bsd 6. Build and install IPFilter cd ip_fil3.4.23 make openbsd make install-bsd OpenBSD/makedevs-3.0 7. Patch rc scripts in /etc cd /etc patch < ~/ip_fil3.4.23/OpenBSD/3.0-rc-diffs 8. Reboot IPFilter device files ===================== Patches to include making IPFilter devices can be found in the file 3.0-MAKEDEV-diffs. These diffs are generally only of interested if you are going to be building a distribution for others and want the correct MAKEDEV scripts to be built. You may also wish to use this to patch /dev/MAKEDEV on your machine to be correct. Pre-fab'd MAKEDEV scripts (or individual patches) for each architecture are not provided. You will need to have extracted "./etc" from src.tar.gz to use these patches.