(removed questions@ from Cc)
You wrote to "Sergey Mokryshev" <[EMAIL PROTECTED]> on Wed, 21 Aug 2002
>> Another point - you can upgrade ipfilter stuff without rebooting,
>> it is useful in situations where minimum downtime is possible.
>> PFIL_HOOKS does not add much functionality to the kernel and
>> I always turn this on on every box.
DWC> I think you are missing his point though. Some people kldload
DWC> ipl.ko because they don't want to recompile their kernel. IF
DWC> they recompile it with PFIL_HOOKS might as well do ipfilter at
DWC> the same time.
No, David. I understand it.
For those who load modules dynamically because they don't want
to recompile kernel this is not a solution.
My practice is to load modules dynamically to share the same kernel
between several boxes. One of this PCs works as a firewall, another
one serve my personal CVS repository and works as a test box (there are
other machines running -CURRENT and virtually all use the same kernel
Some time ago I tried to upgrade IPFilter on the fly (kldunload &&
and it worked like a charm.
It is an endless discussion, and I really don't want to continue.
I wrote a letter because I disagree with Crist J. Clark
> CJC> Both. If you are getting an 'Exec format error,' there is
> CJC> something wrong at your end. However, ipl.ko has been broken in
> CJC> CURRENT for a "long time" (over a year at least) and will not
> CJC> load (albeit with a different error message).
No, ipl.ko is not broken. It depends on pfil(9).
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message