From owner-freebsd-current@FreeBSD.ORG Tue Oct 26 02:44:11 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2839116A4CE; Tue, 26 Oct 2004 02:44:11 +0000 (GMT) Received: from lakermmtao03.cox.net (lakermmtao03.cox.net [68.230.240.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F99C43D31; Tue, 26 Oct 2004 02:44:10 +0000 (GMT) (envelope-from conrads@cox.net) Received: from dolphin.local.net ([68.11.30.24]) by lakermmtao03.cox.net ESMTP <20041026024402.NCKK15262.lakermmtao03.cox.net@dolphin.local.net>; Mon, 25 Oct 2004 22:44:02 -0400 Received: from dolphin.local.net (localhost.local.net [127.0.0.1]) by dolphin.local.net (8.13.1/8.13.1) with SMTP id i9Q2i6OM007558; Mon, 25 Oct 2004 21:44:06 -0500 (CDT) (envelope-from conrads@cox.net) Date: Mon, 25 Oct 2004 21:44:01 -0500 From: "Conrad J. Sabatier" To: Andre Oppermann Message-ID: <20041025214401.31d63ee4@dolphin.local.net> In-Reply-To: <417D5E51.2060100@freebsd.org> References: <417B128B.7080904@gddsn.org.cn> <20041024133045.40733f45@dolphin.local.net> <20041024144743.37fb5c69@dolphin.local.net> <417D5E51.2060100@freebsd.org> X-Mailer: Sylpheed-Claws 0.9.12b (GTK+ 1.2.10; amd64-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-current@freebsd.org Subject: Re: make buildkernel failed related to ip_divert module X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Oct 2004 02:44:11 -0000 On Mon, 25 Oct 2004 22:13:05 +0200, Andre Oppermann wrote: > Conrad J. Sabatier wrote: > > > > This problem is occurring with the following kernel options: > > > > options IPDIVERT > > options IPFILTER > > options IPFILTER_LOG > > > > The only workaround at this time is adding "options IPFIREWALL". > > Yes, that is correct. > > IPDIVERT is a module now and you can dynamically load it just like you > can load ipfw (options IPFIREWALL). > > IPDIVERT depends on ipfw being loaded or compiled into the kernel. > > I have done the last step of IPDIVERT's transition into a KLD a few > minutes ago. It will warn you now if you try to compile it into a > kernel without IPFIREWALL as well. As a module it will simply > complain that ipfw needs to be loaded first. Hmmm. I'm confused now. Up until a day or two ago, the kernel would compile just fine without IPFIREWALL. When did IPDIVERT come to depend on IPFIREWALL, and why? Or maybe I'm just *really* confused. I thought I needed IPDIVERT for ipnat to work, or am I mistaken? What exactly do I need now to use ipf and ipnat? -- Conrad J. Sabatier -- "In Unix veritas"