From owner-freebsd-questions@FreeBSD.ORG Wed Jan 21 05:45:51 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0D90CDF2 for ; Wed, 21 Jan 2015 05:45:51 +0000 (UTC) Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 82072950 for ; Wed, 21 Jan 2015 05:45:50 +0000 (UTC) Received: by mail-lb0-f170.google.com with SMTP id 10so37280583lbg.1 for ; Tue, 20 Jan 2015 21:45:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=0eP9SInGx5NMaieqf5x/ACCEZ1oQf4nt7uTTKcDQERM=; b=NfDGf4/jjOz90PVdAqc5hcKHHeDyiqfutta67y7jIGysuVJuAL0bc4DByl6VAjBvGf NejkI9ZtjWdz9JvC0Gx5VmMaCitZJ2ol0NhoqOhKbdr4LEkl1/lOx+irRSXYrZwTOS6F 0cQ9vZtXueXDqSNQatCN/Ce+POaNOgev0vSHiqCFRolC2jIkYW0X6p5EYWeixniVGFRn 384sWj7DYGBSM8SsixGDivr3/nvxaYpb5BFIABGz0uSydXHlaMPO8el9Agp0OFrUuHOF 5l7ea3KZCcUqO03yFf/dGJW1pt3aGcnDg7R3Inuz0n1MwN7zeCEPom520fT5j7p4aNw9 E//g== X-Received: by 10.152.5.38 with SMTP id p6mr42206208lap.91.1421819148483; Tue, 20 Jan 2015 21:45:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.20.229 with HTTP; Tue, 20 Jan 2015 21:45:07 -0800 (PST) In-Reply-To: References: From: Odhiambo Washington Date: Wed, 21 Jan 2015 08:45:07 +0300 Message-ID: Subject: Re: IPFilter & FreeBSD-10.1 To: Ben Woods Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: User Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2015 05:45:51 -0000 Hi Ben, Thanks for this. I actually read this bit of it having been updated to version 5.1.2 in FreeBSD 10.0. However, my problem emanated from the fact that rules that I use on FreeBSD-8.4/9.3 simply could not work on 10.1 I simply carried the rules over, and did not compile a custom kernel on 10.1. I was believing that the module will be automatically loaded and rules would work. They didn't! Only 'ipf -D' would let connections to be made from LAN PCs to my gateway PC.. Someone somewhere suggested that IPFilter was removed from 10.0, but I can still see /boot/kernel/ipl.ko wash@mail:~$ uname -a FreeBSD mailhost 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org :/usr/obj/usr/src/sys/GENERIC amd64 wash@mail:~$ ls -al /boot/kernel//ipl* -r-xr-xr-x 1 root wheel 478792 Nov 12 00:06 /boot/kernel//ipl.ko -r-xr-xr-x 1 root wheel 3170296 Nov 12 00:06 /boot/kernel//ipl.ko.symbols So what is the trick to get IPFilter to work on 10.1? I read a post in which someone had to copy the sources from 9.x to 10.x and recompile in order to get it to work with the rules from 9.x On 21 January 2015 at 01:55, Ben Woods wrote: > No IPFilter has not been removed in FreeBSD 10.1. It was, however updated > to version 5.1.2 as part of FreeBSD 10.0. > > This can be seen in the source code here: > https://svnweb.freebsd.org/base/head/contrib/ipfilter/ > > Instructions on how to use IPFilter are available in the handbook here: > https://www.freebsd.org/doc/handbook/firewalls-ipf.html > > What makes you think it was removed in FreeBSD 10.1? > > > On Wednesday, January 21, 2015, Odhiambo Washington > wrote: > >> Was IPFilter dropped in 10.1? >> >> Can I still use it? Say, by compiling a custom kernel? >> >> >> -- >> Best regards, >> Odhiambo WASHINGTON, >> Nairobi,KE >> +254733744121/+254722743223 >> "I can't hear you -- I'm using the scrambler." >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > > > -- > > -- > From: Benjamin Woods > woodsb02@gmail.com > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."