Date: Thu, 19 Aug 2004 11:55:59 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Sean McNeil <sean@mcneil.com> Cc: freebsd-current@freebsd.org Subject: Re: ipfw2 broken Message-ID: <20040819085559.GF76085@ip.net.ua> In-Reply-To: <1092881027.999.3.camel@server.mcneil.com> References: <1092881027.999.3.camel@server.mcneil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--SnV5plBeK2Ge1I9g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 18, 2004 at 07:03:47PM -0700, Sean McNeil wrote: > How do I get the ipfw2 module to compile with divert? It doesn't > recognize the following in my config file when building the module: >=20 > options IPFIREWALL_FORWARD > options IPDIVERT >=20 > Also, the /etc/rc.d/ipfw script is looking for an invalid sysctl var: >=20 > net.inet.ip.fw.enable >=20 > and it will fail if I have the IPFIREWALL option which compiles the code > into the kernel because it will try to load and return 1 on a failure. >=20 > This is an amd64 system. >=20 Modules build is decoupled from header files produced by config(8) except for opt_global.h, and this one doesn't have firewall options. If you need firewall with divert(4) sockets, you have to compile it statically into your kernel. Alternatively, you can compile your kernel with ``options IPDIVERT'' and compile the ipfw module with ipdivert support by modifying the src/sys/modules/ipfw/Makefile to add -DIPDIVERT to CFLAGS. Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --SnV5plBeK2Ge1I9g Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBJGsfqRfpzJluFF4RAqsoAJ4iCZDdqyhNnLrf9qZdQJWoh5ud9wCgiGb1 iGQzyZZBCRaqTqdkgUDxX7g= =4Qet -----END PGP SIGNATURE----- --SnV5plBeK2Ge1I9g--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040819085559.GF76085>