Date: Thu, 19 Aug 2004 11:55:59 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Sean McNeil <sean@mcneil.com> Cc: freebsd-current@freebsd.org Subject: Re: ipfw2 broken Message-ID: <20040819085559.GF76085@ip.net.ua> In-Reply-To: <1092881027.999.3.camel@server.mcneil.com> References: <1092881027.999.3.camel@server.mcneil.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Wed, Aug 18, 2004 at 07:03:47PM -0700, Sean McNeil wrote: > How do I get the ipfw2 module to compile with divert? It doesn't > recognize the following in my config file when building the module: > > options IPFIREWALL_FORWARD > options IPDIVERT > > Also, the /etc/rc.d/ipfw script is looking for an invalid sysctl var: > > net.inet.ip.fw.enable > > and it will fail if I have the IPFIREWALL option which compiles the code > into the kernel because it will try to load and return 1 on a failure. > > This is an amd64 system. > Modules build is decoupled from header files produced by config(8) except for opt_global.h, and this one doesn't have firewall options. If you need firewall with divert(4) sockets, you have to compile it statically into your kernel. Alternatively, you can compile your kernel with ``options IPDIVERT'' and compile the ipfw module with ipdivert support by modifying the src/sys/modules/ipfw/Makefile to add -DIPDIVERT to CFLAGS. Cheers, -- Ruslan Ermilov ru@FreeBSD.org FreeBSD committer [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBJGsfqRfpzJluFF4RAqsoAJ4iCZDdqyhNnLrf9qZdQJWoh5ud9wCgiGb1 iGQzyZZBCRaqTqdkgUDxX7g= =4Qet -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040819085559.GF76085>