This can go very wrong in many ways. There is no apparent reason to compile your own kernel unless you need specific options that the generic kernel does not provide. Compiling a custom kernel has other drawbacks as well: every time you update your system, your custom kernel will be overwritten and you will need to recompile it from scratch.
So why are we doing this again? Well, I do it because I like to have the FreeBSD firewall functionality compiled into the kernel. This is also the only way to enable the “Queuing” functionality. It is quite possible to run pf without compiling your kernel, and if you don’t need “Queuing” then I would just run pf from rc.conf so that the service starts at boot time.
Right, let’s compile a custom kernel
We will compile some core firewall options into the kernel and the kernel will end up being called “OKINAWA” unless you change it.
First we need to change to the directory that holds the generic kernel configuration file. Then we will copy the “stock” generic configuration file to a “work” kernel configuration file and use that one for our modifications.
cd /usr/src/sys/amd64/conf
cp GENERIC OKINAWA
vi OKINAWA
Change the identity, i.e. the name, from GENERIC to something else. Kernel names are always written in capital letters.
ident GENERIC
In this guide we will use OKINAWA. As mentioned, this can be anything you like as long as you avoid spaces and use all capital letters. So the line will look like this.
ident OKINAWA
Add or remove functionality to the kernel. Here we are adding some core firewall functionality. I suggest adding these somewhere near the top of the configuration file where the other “options” are listed. Right, add the following for Queuing support.
options ALTQ          # Required For Alternate Queuing
options ALTQ_CBQ      # Class Based Queuing (CBQ)
options ALTQ_RED      # Random Early Detection (RED)
options ALTQ_RIO      # RED In/Out
options ALTQ_HFSC     # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ     # Priority Queuing (PRIQ)
options ALTQ_NOPCC    # Required for SMP build
And for the firewall itself we will need to add the following. I suggest putting it somewhere below all the options where the other devices are being listed.
device pf
device pflog
device pfsync
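Because the build takes a long time, it is worth confirming that the edited file really contains every line listed above before starting it. The script below is an added example, not part of the original guide: check_kernconf and strip_conf are hypothetical helper names, and it assumes one option or device per line.

```shell
#!/bin/sh
# Added example: pre-build check of a kernel config for the pf/ALTQ lines.
# check_kernconf and strip_conf are hypothetical helpers, not FreeBSD tools.

# Print the config with comments and blank lines removed, whitespace normalised,
# so a commented-out "#options ALTQ_HFSC" does not count as present.
strip_conf() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# check_kernconf FILE: print each problem found; return non-zero if there is any.
check_kernconf() {
    conf=$1
    missing=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    clean=$(strip_conf "$conf")

    # The ident must have been changed away from GENERIC (last ident line wins).
    ident=$(printf '%s\n' "$clean" | awk '$1 == "ident" { print $2 }' | tail -n 1)
    if [ -z "$ident" ] || [ "$ident" = "GENERIC" ]; then
        echo "ident not changed (found: ${ident:-none})"
        missing=$((missing + 1))
    fi

    # Every line the guide adds, matched as a whole line so that
    # "options ALTQ" is not satisfied by "options ALTQ_CBQ".
    for want in "options ALTQ" "options ALTQ_CBQ" "options ALTQ_RED" \
                "options ALTQ_RIO" "options ALTQ_HFSC" "options ALTQ_PRIQ" \
                "options ALTQ_NOPCC" "device pf" "device pflog" "device pfsync"
    do
        if ! printf '%s\n' "$clean" | grep -qxF "$want"; then
            echo "missing: $want"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Stand-alone use: sh thisfile /usr/src/sys/amd64/conf/OKINAWA
if [ $# -gt 0 ]; then check_kernconf "$1"; fi
```

A non-zero exit status means at least one line is missing or still commented out, so fix the configuration file before running the build.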
Time to compile the new kernel. This will take quite some time, depending on your system and/or virtual machine configuration.
cd /usr/src
make buildkernel KERNCONF=OKINAWA
If there is any error, then “STOP” right there. Do not continue. Fix the error and run the above command again until no errors are being reported. Once this runs without errors the new kernel has been compiled. All we have to do now is to install it and reboot the system.
cd /usr/src
make installkernel KERNCONF=OKINAWA
reboot now
And we are done here.