Translation

(itstool) path: sect2/para
English
<application>PF</application> will not start if it cannot find its ruleset configuration file. By default, FreeBSD does not ship with a ruleset and there is no <filename>/etc/pf.conf</filename>. Example rulesets can be found in <filename>/usr/share/examples/pf/</filename>. If a custom ruleset has been saved somewhere else, add a line to <filename>/etc/rc.conf</filename> which specifies the full path to the file:
Context
When working with the firewall rules, be <emphasis>very careful</emphasis>. Some configurations <emphasis>can lock the administrator out</emphasis> of the server. To be on the safe side, consider performing the initial firewall configuration from the local console rather than doing it remotely over <application>ssh</application>.
PF
<personname> <firstname>John</firstname> <surname>Ferrell</surname> </personname> <contrib>Revised and updated by </contrib>
<primary>firewall</primary> <secondary>PF</secondary>
Since FreeBSD 5.3, a ported version of OpenBSD's <application>PF</application> firewall has been included as an integrated part of the base system. <application>PF</application> is a complete, full-featured firewall that has optional support for <application>ALTQ</application> (Alternate Queuing), which provides Quality of Service (<acronym>QoS</acronym>).
The OpenBSD Project maintains the definitive reference for <application>PF</application> in the <link xlink:href="http://www.openbsd.org/faq/pf/">PF FAQ</link>. Peter Hansteen maintains a thorough <application>PF</application> tutorial at <link xlink:href="http://home.nuug.no/~peter/pf/">http://home.nuug.no/~peter/pf/</link>.
When reading the <link xlink:href="http://www.openbsd.org/faq/pf/">PF FAQ</link>, keep in mind that FreeBSD's version of <application>PF</application> has diverged substantially from the upstream OpenBSD version over the years. Not all features work the same way on FreeBSD as they do in OpenBSD and vice versa.
The <link xlink:href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-pf">FreeBSD packet filter mailing list</link> is a good place to ask questions about configuring and running the <application>PF</application> firewall. Check the mailing list archives before asking a question as it may have already been answered.
This section of the Handbook focuses on <application>PF</application> as it pertains to FreeBSD. It demonstrates how to enable <application>PF</application> and <application>ALTQ</application>. It also provides several examples for creating rulesets on a FreeBSD system.
Enabling <application>PF</application>
To use <application>PF</application>, its kernel module must first be loaded. This section describes the entries that can be added to <filename>/etc/rc.conf</filename> to enable <application>PF</application>.
Start by adding <literal>pf_enable=yes</literal> to <filename>/etc/rc.conf</filename>:
<prompt>#</prompt> <userinput>sysrc pf_enable=yes</userinput>
Additional options, described in <citerefentry><refentrytitle>pfctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>, can be passed to <application>PF</application> when it is started. Add or change this entry in <filename>/etc/rc.conf</filename> and specify any required flags between the two quotes (<literal>""</literal>):
pf_flags="" # additional flags for pfctl startup
<application>PF</application> will not start if it cannot find its ruleset configuration file. By default, FreeBSD does not ship with a ruleset and there is no <filename>/etc/pf.conf</filename>. Example rulesets can be found in <filename>/usr/share/examples/pf/</filename>. If a custom ruleset has been saved somewhere else, add a line to <filename>/etc/rc.conf</filename> which specifies the full path to the file:
pf_rules="<replaceable>/path/to/pf.conf</replaceable>"
Logging support for <application>PF</application> is provided by <citerefentry><refentrytitle>pflog</refentrytitle><manvolnum>4</manvolnum></citerefentry>. To enable logging support, add <literal>pflog_enable=yes</literal> to <filename>/etc/rc.conf</filename>:
<prompt>#</prompt> <userinput>sysrc pflog_enable=yes</userinput>
The following lines can also be added to change the default location of the log file or to specify any additional flags to pass to <citerefentry><refentrytitle>pflog</refentrytitle><manvolnum>4</manvolnum></citerefentry> when it is started:
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
Finally, if there is a <acronym>LAN</acronym> behind the firewall and packets need to be forwarded for the computers on the <acronym>LAN</acronym>, or <acronym>NAT</acronym> is required, enable the following option:
gateway_enable="YES" # Enable as LAN gateway
After saving the needed edits, <application>PF</application> can be started with logging support by typing:
<prompt>#</prompt> <userinput>service pf start</userinput>
<prompt>#</prompt> <userinput>service pflog start</userinput>
By default, <application>PF</application> reads its configuration rules from <filename>/etc/pf.conf</filename> and modifies, drops, or passes packets according to the rules or definitions specified in this file. The FreeBSD installation includes several sample files located in <filename>/usr/share/examples/pf/</filename>. Refer to the <link xlink:href="http://www.openbsd.org/faq/pf/">PF FAQ</link> for complete coverage of <application>PF</application> rulesets.
To control <application>PF</application>, use <command>pfctl</command>. <xref linkend="pfctl"/> summarizes some useful options to this command. Refer to <citerefentry><refentrytitle>pfctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> for a description of all available options:
Useful <command>pfctl</command> Options
Purpose
<command>pfctl -e</command>
Enable <application>PF</application>.



Source information

Source string comment
(itstool) path: sect2/para
Source string location
book.translate.xml:60154
String age
a year ago
Source string age
a year ago
Translation file
books/zh_CN/handbook.po, string 9852