Date: Thu, 19 Aug 2004 16:12:28 +0300 From: Maxim Sobolev <sobomax@portaone.com> To: Rob MacGregor <freebsd.macgregor@blueyonder.co.uk> Cc: current@freebsd.org Subject: Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS Message-ID: <4124A73C.9000500@portaone.com> In-Reply-To: <200408191300.i7JD0wvm006811@the-macgregors.org> References: <200408191300.i7JD0wvm006811@the-macgregors.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I am not talking about pf, but about IPFIREWALL (aka ipfw). They are
different beasts.
-Maxim
Rob MacGregor wrote:
> On Thursday, August 19, 2004 1:33 PM, Maxim Sobolev <> danced on the keyboard
> and produced:
>
>>After recent changes I am unable to compile RELENG_5 kernel (and
>>probably HEAD as well, but I have not tested it) with IPFIREWALL but
>>without PFIL_HOOKS. Neither manpage, nor NOTES lists PFIL_HOOKS as a
>>requirement for IPFIREWALL. Please fix.
>
>
>>From /usr/src/UPDATING:
>
> 20040308:
> The packet filter (pf) is now installed with the base system. Make
> sure to run mergemaster -p before installworld to create required
> user account ("proxy"). If you do not want to build pf with your
> system you can use the NO_PF knob in make.conf.
> Also note that pf requires "options PFIL_HOOKS" in the kernel. The
> pf system consists of the following three devices:
> device pf # required
> device pflog # optional
> device pfsync # optional
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4124A73C.9000500>