I assume that some of those who read this document are more familiar with configuring Linux or other systems than with BSD, so I'll briefly mention a few points about BSD system and network configuration.
BSD network interfaces are not labeled eth0, eth1 and so on. The interfaces are assigned names which equal the driver name plus a sequence number, making 3Com cards using the xl driver appear as xl0, xl1, and so on, while Some Intel cards are likely to end up as em0, em1, others are supported by the fxp driver, and so on. There may even be slight variations in which cards are supported in which drivers across the BSDs.[1]
For boot-time configuration, the BSDs are generally organized to read the configuration from /etc/rc.conf, which is read by the /etc/rc script at startup. OpenBSD recommends using /etc/rc.conf.local for local customizations, since rc.conf contains the default values, while FreeBSD uses /etc/defaults/rc.conf to store the default settings, making /etc/rc.conf the correct place to make changes.
PF is configured by editing the /etc/pf.conf file and by using the pfctl command line tool. The pfctl application has a large number of options. We will take a closer look at some of them today.
In case you are wondering, there are web interfaces available for admin tasks (such as the FreeBSD based pfSense and the OpenBSD based and supposedly portable PfPro), but they are not parts of the base system. The PF developers are not hostile to these things, but rather have not seen any graphical interface to PF configuration which without a doubt is preferable to pf.conf in a text editor, backed up with pfctl invocations and a few unix tricks.
[1] | When in doubt, consult the output of the dmesg command, which displays the kernel message buffer. Under most circumstances, the kernel's hardware probing and recognition messages will be intact in the message buffer for a relatively long time after your system has finished booting. |