From owner-freebsd-questions@FreeBSD.ORG Thu Sep 22 08:43:38 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6074116A41F for ; Thu, 22 Sep 2005 08:43:38 +0000 (GMT) (envelope-from hoyimtang@yahoo.com) Received: from web35808.mail.mud.yahoo.com (web35808.mail.mud.yahoo.com [66.163.179.177]) by mx1.FreeBSD.org (Postfix) with SMTP id F251643D46 for ; Thu, 22 Sep 2005 08:43:37 +0000 (GMT) (envelope-from hoyimtang@yahoo.com) Received: (qmail 16463 invoked by uid 60001); 22 Sep 2005 08:43:37 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=HMoc58ueCytgu2E+tZPR7UoAj1ohrORah4mddLJ4a/7AIDQacESk0X/+SMBqnOjfDfz/cBDbqjk5LBxXxW1Z322xZy8hF21vaEbaWU949PwGvLYIubZWShr9whBW2Bq61Ath7MOKdp6Fw5SmU6b09i5K6OzX0+0l0n0IzWhwxn8= ; Message-ID: <20050922084337.16461.qmail@web35808.mail.mud.yahoo.com> Received: from [210.6.198.203] by web35808.mail.mud.yahoo.com via HTTP; Thu, 22 Sep 2005 01:43:37 PDT Date: Thu, 22 Sep 2005 01:43:37 -0700 (PDT) From: Tang Ho Yim To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: about ipfilter X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Sep 2005 08:43:38 -0000 Hi, I am having confuse with the ipfilter and the kernel setup. I have setup a firewall on FreeBSD 5.4 with ipfilter. The rc.conf which include: ipfilter_enable="YES" ipfilter_rules="/etc/ipf.rules" ipmon_enable="YES" ipmon_flags="-Ds" I didn't compile the kernel with: options IPFILTER options IPFILTER_LOG Then the ipfilter cannot start on boot with the error: link_elf: symbol in6_cksum undefined kldload: can't load ipl: No such file or directory /etc/rc: ERROR: IP-filter module failed to load I know this error is something about missing the /dev/ipl file or else. If I compile the kernel with the above options then I can start it on boot. So, I am confuse. The handbook say you don't need compile it mandatory. But why I can't start without the options compile ? Am I miss something in order to load the module without compile the options ? Or actually, it must be compile within the kernel ? --------------------------------- Yahoo! for Good Click here to donate to the Hurricane Katrina relief effort.