On Mon, Mar 14, 2005 at 02:45:04PM -0500, Andy Firman wrote:
I have not been able to get ipfilter working on a system and
it is because I don't have INET6 in my custom kernel, and therefore
the system cannot load the ipl.ko module. Here is the issue:
http://www.freebsd.org/cgi/query-pr.cgi?pr=70401
Found a solution to my problem. One must add an entry to /etc/make.conf
and then you can rebuild the module, load it, and get the firewall going
with no reboot. Below is a summary of doing this with my TEST kernel
having the INET6 option commented out.
-
su-3.00# kldload -v ipl
kldload: can't load ipl.ko: No such file or directory
su-3.00# uname -a
FreeBSD localhost 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Mar 14 16:08:45 EST 2005
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/TEST i386
must add NOINET6=YES to /etc/make.conf before you make the new module.
su-3.00# cd /usr/src/sys/modules/ipfilter/
su-3.00# make
su-3.00# make install
su-3.00# kldload -v ipl
Nothing returned to therefore loaded properly...!
su-3.00# kldstat
Id Refs AddressSize Name
16 0xc040 59f308 kernel
21 0xc15fb000 17000linux.ko
31 0xc167 16000ipl.ko
su-3.00# ipfstat -in
empty list for ipfilter(in)
su-3.00# ipfstat -on
empty list for ipfilter(out)
su-3.00# ipf -Fa -f /etc/ipf.rules
This locks up your session. Must login again and start new session.
Success upon new login in which the rules are working!!!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
