From owner-freebsd-questions Wed Apr 18 2: 6:35 2001 Delivered-To: freebsd-questions@freebsd.org Received: from sapphire.hypostasis.com (210-54-89-147.ipnets.xtra.co.nz [210.54.89.147]) by hub.freebsd.org (Postfix) with ESMTP id F1D4837B42C for ; Wed, 18 Apr 2001 02:06:31 -0700 (PDT) (envelope-from kit@hypostasis.com) Received: from amethyst.hypostasis.com (amethyst.hypostasis.com [192.168.2.2]) by sapphire.hypostasis.com (8.11.3/8.11.2) with ESMTP id f3I8htO07327; Wed, 18 Apr 2001 20:43:55 +1200 (NZST) (envelope-from kit@amethyst.hypostasis.com) Received: (from kit@localhost) by amethyst.hypostasis.com (8.11.3/8.11.2) id f3I9GLi74750; Wed, 18 Apr 2001 21:16:21 +1200 (NZST) (envelope-from kit) Date: Wed, 18 Apr 2001 21:16:21 +1200 From: kit To: Wayne Pascoe Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Modules + ipf Message-ID: <20010418211621.A74460@amethyst.hypostasis.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from wayne.pascoe@realtime.co.uk on Wed, Apr 18, 2001 at 09:35:04AM +0100 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Apr 18, 2001 at 09:35:04AM +0100, Wayne Pascoe wrote: > I've just read the ipf security bulletin on Bugtraq, and I now need to > update ipf on all of my servers. > > I would appreciate any help with the following couple of questions: > > 1. How can I find out if ipf is currently running as a module, or as > part of my kernel? I think that it is part of my kernel as I have the > following lines in the bottom of my config : > options IPFILTER > options IPFILTER_LOG > kldstat should list the modules loaded, but you'd appear to have it compiled in anyway > 2. I understand that I have to recompile the kernel on all of my > servers to make this a module, but I'd rather not do a whole make > install process for ipfilter on each machine. Is there any way to > build it on one machine, and then farm that out to all the machines ? > for each different kernel conf make buildkernel KERNCONF= on the building machine make installkernel KERNCONF= on the others caveat I've had it work once and fail a couple of times before I figured out you need to mirror the directory structure and symlinks on the target machine mostly I tend to do an installworld on the target and build the whole kernel there the failures can all be attributable to pilot error If on your host you have say /usr/src -> /agent99/usr/src you will need to mount /agent99/usr/src on /agent99/usr/src on the target and recreate the symlink hth --kit To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message