From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  7 07:13:57 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 49E5B16A4CE
	for <freebsd-questions@freebsd.org>;
	Mon,  7 Feb 2005 07:13:57 +0000 (GMT)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF43343D41
	for <freebsd-questions@freebsd.org>;
	Mon,  7 Feb 2005 07:13:56 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id A810851297; Sun,  6 Feb 2005 23:13:52 -0800 (PST)
Date: Sun, 6 Feb 2005 23:13:52 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Jim Arnold <jim0266@yahoo.com>
Message-ID: <20050207071352.GA4807@xor.obsecurity.org>
References: <a06210207be2caabf7209@[192.168.0.4]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline
In-Reply-To: <a06210207be2caabf7209@[192.168.0.4]>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-questions@freebsd.org
Subject: Re: IP Filter changes in FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2005 07:13:57 -0000


--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 07, 2005 at 12:24:09AM -0500, Jim Arnold wrote:
> I updated my firewall that is using IPF. I went from FreeBSD 4.7=20
> stable to 4.11 stable. When using 4.7 stable I only had this is my=20
> rc.conf file:
>=20
> ipfilter_enable=3D"YES"
> ipfilter_program=3D"/sbin/ipf"
> ipfilter_rules=3D"/etc/ipf.conf"
> ipfilter_flags=3D""
>=20
> When I went to 4.11 stable I had to uncomment these options in my=20
> kernel config file:
>=20
> options         IPFILTER
> options         IPFILTER_LOG
>=20
> I'm just curious why it worked without the above options in my kernel=20
> for 4.7 and I had to have them in 4.11?

If you don't have it in your kernel, the module will be loaded at boot
time if it's available.  If you don't have the module either, you
can't use ipfilter.

Kris


--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCBxUwWry0BWjoQKURAoIlAJwNAvc6LkRfcLL0HWEuLb2F38MzSQCg/hqk
z68JOEkEa3jVqYQEEbQ76DQ=
=FqS7
-----END PGP SIGNATURE-----

--X1bOJ3K7DJ5YkBrT--