Re: IP Filter changes in FreeBSD
On Mon, Feb 07, 2005 at 02:46:50PM -0500, Jim Arnold wrote: On Mon, Feb 07, 2005 at 11:08:54AM -0500, Jim Arnold wrote: If you don't have it in your kernel, the module will be loaded at boot time if it's available. If you don't have the module either, you can't use ipfilter. I must have been using the module with 4.7 stable since I did not have that in the kernel I was running with 4.7. After I upgraded to 4.11 and IPF was not working I edited my kernel config file to uncomment the lines for IPF and then compiled the new kernel. I still don't have an answer why this happened. Was the module taken out of 4.11 or an earlier version on FreeBSD? No, it's still there as long as you build modules. If you have NO_MODULES in your make.conf, you won't, of course. Kris Attachment converted: osx:Untitled 3599 (/) (000B9F03) I'm using the same /etc/make.conf file when I first put this box online in 2002. In that make.conf file the line is commented out: #NO_MODULES=true# do not build modules with the kernel But the question for me is still, how did this work in 4.7 if the above was commented out in my /etc/make.conf file and I did not have these uncommented in my kernel config file when I built my custom kernel for 4.7? I'd be interested to see if manually loading the module with kldload with the original kernel works. If it does then maybe you're missing something from rc.conf that tells freebsd to load the module. With FreeBSD 5.3, all I need is ipfilter_enable=YES to have it auto-load the module and start ipfilter, but there might be something more for 4.x options IPFILTER options IPFILTER_LOG Thanks, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter changes in FreeBSD
On Mon, Feb 07, 2005 at 12:24:09AM -0500, Jim Arnold wrote: I updated my firewall that is using IPF. I went from FreeBSD 4.7 stable to 4.11 stable. When using 4.7 stable I only had this is my rc.conf file: ipfilter_enable=YES ipfilter_program=/sbin/ipf ipfilter_rules=/etc/ipf.conf ipfilter_flags= When I went to 4.11 stable I had to uncomment these options in my kernel config file: options IPFILTER options IPFILTER_LOG I'm just curious why it worked without the above options in my kernel for 4.7 and I had to have them in 4.11? If you don't have it in your kernel, the module will be loaded at boot time if it's available. If you don't have the module either, you can't use ipfilter. I must have been using the module with 4.7 stable since I did not have that in the kernel I was running with 4.7. After I upgraded to 4.11 and IPF was not working I edited my kernel config file to uncomment the lines for IPF and then compiled the new kernel. I still don't have an answer why this happened. Was the module taken out of 4.11 or an earlier version on FreeBSD? I'm just curious as a learning experience what went on in my situation. Thanks, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter changes in FreeBSD
On Mon, Feb 07, 2005 at 11:08:54AM -0500, Jim Arnold wrote: If you don't have it in your kernel, the module will be loaded at boot time if it's available. If you don't have the module either, you can't use ipfilter. I must have been using the module with 4.7 stable since I did not have that in the kernel I was running with 4.7. After I upgraded to 4.11 and IPF was not working I edited my kernel config file to uncomment the lines for IPF and then compiled the new kernel. I still don't have an answer why this happened. Was the module taken out of 4.11 or an earlier version on FreeBSD? No, it's still there as long as you build modules. If you have NO_MODULES in your make.conf, you won't, of course. Kris pgpO2G6Zeff7w.pgp Description: PGP signature
Re: IP Filter changes in FreeBSD
On Mon, Feb 07, 2005 at 11:08:54AM -0500, Jim Arnold wrote: If you don't have it in your kernel, the module will be loaded at boot time if it's available. If you don't have the module either, you can't use ipfilter. I must have been using the module with 4.7 stable since I did not have that in the kernel I was running with 4.7. After I upgraded to 4.11 and IPF was not working I edited my kernel config file to uncomment the lines for IPF and then compiled the new kernel. I still don't have an answer why this happened. Was the module taken out of 4.11 or an earlier version on FreeBSD? No, it's still there as long as you build modules. If you have NO_MODULES in your make.conf, you won't, of course. Kris Attachment converted: osx:Untitled 3599 (/) (000B9F03) I'm using the same /etc/make.conf file when I first put this box online in 2002. In that make.conf file the line is commented out: #NO_MODULES=true# do not build modules with the kernel But the question for me is still, how did this work in 4.7 if the above was commented out in my /etc/make.conf file and I did not have these uncommented in my kernel config file when I built my custom kernel for 4.7? options IPFILTER options IPFILTER_LOG Thanks, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IP Filter changes in FreeBSD
I updated my firewall that is using IPF. I went from FreeBSD 4.7 stable to 4.11 stable. When using 4.7 stable I only had this is my rc.conf file: ipfilter_enable=YES ipfilter_program=/sbin/ipf ipfilter_rules=/etc/ipf.conf ipfilter_flags= When I went to 4.11 stable I had to uncomment these options in my kernel config file: options IPFILTER options IPFILTER_LOG I'm just curious why it worked without the above options in my kernel for 4.7 and I had to have them in 4.11? Thanks, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter changes in FreeBSD
On Mon, Feb 07, 2005 at 12:24:09AM -0500, Jim Arnold wrote: I updated my firewall that is using IPF. I went from FreeBSD 4.7 stable to 4.11 stable. When using 4.7 stable I only had this is my rc.conf file: ipfilter_enable=YES ipfilter_program=/sbin/ipf ipfilter_rules=/etc/ipf.conf ipfilter_flags= When I went to 4.11 stable I had to uncomment these options in my kernel config file: options IPFILTER options IPFILTER_LOG I'm just curious why it worked without the above options in my kernel for 4.7 and I had to have them in 4.11? If you don't have it in your kernel, the module will be loaded at boot time if it's available. If you don't have the module either, you can't use ipfilter. Kris pgpzG1ojd4edu.pgp Description: PGP signature