From owner-freebsd-questions Wed Apr 18 4:30:57 2001 Delivered-To: freebsd-questions@freebsd.org Received: from clientmail.realtime.co.uk (simian.realtime.co.uk [194.205.134.131]) by hub.freebsd.org (Postfix) with ESMTP id C108A37B43C for ; Wed, 18 Apr 2001 04:30:51 -0700 (PDT) (envelope-from waynep@zaphod.realtime.co.uk) Received: from zaphod.realtime.co.uk ([194.205.134.208]) by clientmail.realtime.co.uk with esmtp (Exim 3.20 #1) id 14pqAO-0000Nz-01; Wed, 18 Apr 2001 12:30:36 +0100 Received: from waynep by zaphod.realtime.co.uk with local (Exim 3.20 #1) id 14pqAa-000Npk-00; Wed, 18 Apr 2001 12:30:48 +0100 From: Wayne Pascoe To: kit Cc: , freebsd-questions@FreeBSD.ORG Subject: Re: Modules + ipf References: <20010418211621.A74460@amethyst.hypostasis.com> Reply-To: wayne.pascoe@realtime.co.uk Date: 18 Apr 2001 12:30:48 +0100 In-Reply-To: <20010418211621.A74460@amethyst.hypostasis.com> Message-ID: Lines: 49 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG kit writes: > On Wed, Apr 18, 2001 at 09:35:04AM +0100, Wayne Pascoe wrote: > > I've just read the ipf security bulletin on Bugtraq, and I now need to > > update ipf on all of my servers. > > > > I would appreciate any help with the following couple of questions: > > > > 1. How can I find out if ipf is currently running as a module, or as > > part of my kernel? I think that it is part of my kernel as I have the > > following lines in the bottom of my config : > > options IPFILTER > > options IPFILTER_LOG > > > kldstat > should list the modules loaded, > but you'd appear to have it compiled in anyway Yeah, I do... Grrr... How do I compile the ipf kernel module then instead of compiling it into the kernel? As I understand it, ipf needs a kernel module / compiled into the kernel as well as a userspace binary... Is this correct ? > > > 2. I understand that I have to recompile the kernel on all of my > > servers to make this a module, but I'd rather not do a whole make > > install process for ipfilter on each machine. Is there any way to > > build it on one machine, and then farm that out to all the > > machines ? > > > for each different kernel conf > make buildkernel KERNCONF= > on the building machine > make installkernel KERNCONF= Is there no way to just build a healthy kernel and copy that kernel to each machine ? That would be my preference... scp /kernel machine:/kernel.new Doable ? -- - Wayne Pascoe E-mail: wayne.pascoe@realtime.co.uk Phone : +44 (0) 20 7544 4668 Mobile: +44 (0) 788 431 1675 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message