Date: Mon, 08 Nov 2004 14:50:23 -0500 From: Paul Mather <paul@gromit.dlib.vt.edu> To: freebsd-questions@freebsd.org Cc: dave <dmehler26@woh.rr.com> Subject: Re: ipfilter loading on 5.3 Message-ID: <1099943422.71383.39.camel@zappa.Chelsea-Ct.Org> In-Reply-To: <20041108190327.B76DD16A4D4@hub.freebsd.org> References: <20041108190327.B76DD16A4D4@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 Nov 2004 12:01:41 -0500, "dave" <dmehler26@woh.rr.com> writes: > Hello, > I believe i am having a configuration error. I've got a new 5.3 > box to > which i'm atempting to get ipfilter going. I read the updated handbook > and > have added: > > ipfilter_enable="YES" > ipfilter_rules="/etc/ipf.rules" > ipmon_enable="YES" > ipmon_flags="-Dsvn" > > to my rc.conf file. When i try to manually load up my rules file with: > ipf -FA -f /etc/ipf.rules > i am getting an error "can not open no such device" > I have not compiled anything for ipfilter in to the kernel as i had > done > previously i understood from the handbook that ipf was capable of > being > dynamically loaded and the rc.conf line would suffice. I recently updated a system from 5.2.1 to 5.3 and had problems with ipfilter (dynamically loading it, as you are above). In my case, I noticed this during boot, when ipfilter was being activated: link_elf: symbol in6_cksum undefined The net effect was that the kernel module would not load, due to the unresolved symbol. In my case, I was using a custom kernel that lacked "options INET6". Re-building my kernel with that option added (i.e., with IPv6 support enabled) fixed the problem and the ipfilter kernel module now works. I'm guessing there's some kind of hidden dependency on IPv6 in 5.3 as far as the ipfilter kernel module is concerned. (This didn't seem to be the case in 5.2.1, from what I remember.) Cheers, Paul. -- e-mail: paul@gromit.dlib.vt.edu "Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid." --- Frank Vincent Zappa
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1099943422.71383.39.camel>