You probably ought to make sure that ipmon is *not* running before unloading the kernel mod. I haven't tried it in a while (I'm gunshy now), but it used to be that unloading the kernel mod before stopping ipmon was a certain way to generate a kernel panic. If you sidestep that issue, a loadable kernel module is definitely the way to go.
On Wed, Mar 05, 2003 at 12:29:31PM -0500, Jim Dunphy wrote: > According to Adam Lofstedt: > > > > Hey there, > > > > I am using IPF and IPNat on a FreeBSD 4.7 Release system, using loadable > > kernel modules. I did it this way rather than compiling into the kernel > > because I read somewhere that it is easier to upgrade IPF to a newer > > version. > > > > Thanks for any help you can provide, > > This isn't tested but this is what I was thinking of doing after > observing my install on FreeBSD 4.7. I think it probably makes > sense to stop ipf in case of an unload conflict. Some very > early experience with Solaris when it first came out has left its > mark on me when unloading 3rd party drivers. You can just reboot but I > didn't want to pull a microsoft on you ;-) > > % make freebsd4 > % make install-bsd > > % ls -l /modules/ipf.ko > rwxrwxr-x 1 root wheel 303936 Feb 3 05:07 /modules/ipf.ko > > % kldstat > Id Refs Address Size Name > 1 2 0xc0100000 42797c kernel > 2 1 0xc0528000 1b650 ipf.ko > > % kldunload -i 2 > > % cd /modules; /sbin/kldload ipf.ko > > % ipf -V > ipf: IP Filter: v3.4.31 (336) > Kernel: IP Filter: v3.4.31 > Running: yes > Log Flags: 0 = none set > Default: pass all, Logging: available > Active list: 1 > > Jim >
