Re: kernel module for ipf
On 5/18/06, Giorgos Keramidas [EMAIL PROTECTED] wrote: Yes, this should be in the handbook. I'll try to add it :) Let me know if you want a hand. I'm happy to help with that. Mike -- Michael P. Soulier [EMAIL PROTECTED] Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. --Albert Einstein ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
kernel module for ipf
Hello, The handbook mentions that ipf should work out of the box in FreeBSD thanks to a kernel module, but it doesn't say which one. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html IPF is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the IPF kernel loadable module when the rc.conf statement ipfilter_enable=YES is used. The loadable module was created with logging enabled and the default pass all options. You do not need to compile IPF into the FreeBSD kernel just to change the default to block all, you can do that by just coding a block all rule at the end of your rule set. I don't see anything under /boot/kernel that looks like a likely candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to not reboot my system just to find out, so could someone point me to the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. Thanks, Mike -- Michael P. Soulier [EMAIL PROTECTED] Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. --Albert Einstein ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel module for ipf
On 2006-05-18 12:05, Michael P. Soulier [EMAIL PROTECTED] wrote: Hello, The handbook mentions that ipf should work out of the box in FreeBSD thanks to a kernel module, but it doesn't say which one. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html IPF is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the IPF kernel loadable module when the rc.conf statement ipfilter_enable=YES is used. The loadable module was created with logging enabled and the default pass all options. You do not need to compile IPF into the FreeBSD kernel just to change the default to block all, you can do that by just coding a block all rule at the end of your rule set. I don't see anything under /boot/kernel that looks like a likely candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to not reboot my system just to find out, so could someone point me to the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. The module is called ipl.ko: # ls -l /boot/kernel/ipl.* -r-xr-xr-x 1 root wheel - 171625 May 16 16:05 /boot/kernel/ipl.ko -r-xr-xr-x 1 root wheel - 371887 May 16 16:05 /boot/kernel/ipl.ko.symbols # Strange and weird, but this is the name the IP Filter kernel module has had for years, so it's not easy to change it now without breaking all the scripts around the world that assume its name is ipl. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel module for ipf
On 5/18/06, Scott Mitchell [EMAIL PROTECTED] wrote: You want the ipl.ko module. No, I have no idea why it's called ipl not ipf either... [EMAIL PROTECTED] ~]# ls /boot/kernel/ipl* /boot/kernel/ipl.ko* Ah. Cool. Thanks. Yes, this should be in the handbook. Mike -- Michael P. Soulier [EMAIL PROTECTED] Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. --Albert Einstein ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel module for ipf
On Thu, May 18, 2006 at 12:05:00PM -0400, Michael P. Soulier wrote: Hello, The handbook mentions that ipf should work out of the box in FreeBSD thanks to a kernel module, but it doesn't say which one. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html IPF is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the IPF kernel loadable module when the rc.conf statement ipfilter_enable=YES is used. The loadable module was created with logging enabled and the default pass all options. You do not need to compile IPF into the FreeBSD kernel just to change the default to block all, you can do that by just coding a block all rule at the end of your rule set. I don't see anything under /boot/kernel that looks like a likely candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to not reboot my system just to find out, so could someone point me to the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. Hi Mike, You want the ipl.ko module. No, I have no idea why it's called ipl not ipf either... Cheers, Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel module for ipf
On 2006-05-18 12:52, Michael P. Soulier [EMAIL PROTECTED] wrote: On 5/18/06, Scott Mitchell [EMAIL PROTECTED] wrote: You want the ipl.ko module. No, I have no idea why it's called ipl not ipf either... [EMAIL PROTECTED] ~]# ls /boot/kernel/ipl* /boot/kernel/ipl.ko* Ah. Cool. Thanks. Yes, this should be in the handbook. I'll try to add it :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]