From owner-freebsd-current@FreeBSD.ORG  Thu Aug 19 13:12:44 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1DE1F16A4CE
	for <current@freebsd.org>; Thu, 19 Aug 2004 13:12:44 +0000 (GMT)
Received: from web.portaone.com (mail.russia.cz [195.70.151.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 794FF43D1F
	for <current@freebsd.org>; Thu, 19 Aug 2004 13:12:43 +0000 (GMT)
	(envelope-from sobomax@portaone.com)
Received: from [192.168.0.20] (portacare.portaone.com [195.140.247.242])
	(authenticated bits=0)
	by web.portaone.com (8.12.8p2/8.12.8) with ESMTP id i7JDCd1S077735
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 19 Aug 2004 15:12:41 +0200 (CEST)
	(envelope-from sobomax@portaone.com)
Message-ID: <4124A73C.9000500@portaone.com>
Date: Thu, 19 Aug 2004 16:12:28 +0300
From: Maxim Sobolev <sobomax@portaone.com>
Organization: Porta Software Ltd
User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Rob MacGregor <freebsd.macgregor@blueyonder.co.uk>
References: <200408191300.i7JD0wvm006811@the-macgregors.org>
In-Reply-To: <200408191300.i7JD0wvm006811@the-macgregors.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: current@freebsd.org
Subject: Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Aug 2004 13:12:44 -0000

I am not talking about pf, but about IPFIREWALL (aka ipfw). They are 
different beasts.

-Maxim

Rob MacGregor wrote:
> On Thursday, August 19, 2004 1:33 PM, Maxim Sobolev <> danced on the keyboard
> and produced:
> 
>>After recent changes I am unable to compile RELENG_5 kernel (and
>>probably HEAD as well, but I have not tested it) with IPFIREWALL but
>>without PFIL_HOOKS. Neither manpage, nor NOTES lists PFIL_HOOKS as a
>>requirement for IPFIREWALL. Please fix.
> 
> 
>>From /usr/src/UPDATING:
> 
> 20040308:
>         The packet filter (pf) is now installed with the base system. Make
>         sure to run mergemaster -p before installworld to create required
>         user account ("proxy"). If you do not want to build pf with your
>         system you can use the NO_PF knob in make.conf.
>         Also note that pf requires "options PFIL_HOOKS" in the kernel. The
>         pf system consists of the following three devices:
>         device          pf              # required
>         device          pflog           # optional
>         device          pfsync          # optional
>