Date: Mon, 22 Jan 2001 12:51:50 -0500 From: Carroll Kong <damascus@home.com> To: trini0 <trini0@optonline.net> Cc: FreeBSD Stable <stable@FreeBSD.ORG> Subject: Re: Ipfilter version in stable... Message-ID: <4.2.2.20010122124113.00bdcf00@netmail.home.com> In-Reply-To: <3A6C6572.DF137C54@optonline.net> References: <4.2.2.20010122101435.00bdaf00@netmail.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:53 AM 1/22/01 -0500, trini0 wrote: >Very interesting. I came across that ftp problem, and was considering upping >to 3.4.16, but I didn't want to go through the rebuilding of ipfilter >everytime >I upgrade FBSD. I quickly glanced at the man page for loader.conf and it >seems >that you can have modules & flags set in the file. So I just got to check on >the rest of ipfilter, and see if ipnat, and ipmon can be modules. So is >performance good using the module route instead of putting it in the kernel?? > >Carroll Kong wrote: > > > I had the same thoughts as you exactly, however, there is a better > > way. Seems like FreeBSD is more "modular" now, and IPfilter benefits from > > this as well. > > > > Unpack the src, make freebsd4, make minstall; Add > > > > ipf_load="YES" > > > > to /boot/loader.conf. Make sure IPFILTER is no longer in the kernel. (or > > else it will load up twice). This seems to expedite the upgrade procedure > > significantly. > > > > -Carroll Kong Fairly certain you only need to load the IPFilter module and calls like ipfilter_enable="YES" ipnat_enable="YES" ipmon_enable="YES" ipmon_program="/usr/sbin/ipmon" all work fine. Maybe I am getting lucky? I have not really stressed the particular system I am using it for. I would imagine modules would incur a slight run time penalty, but I doubt it is anything significant. Also, it seems easier for upgrades. I tended to get nasty kernel src mismatches and what not when I tried to compile ipfilter into the kernel. Maybe it was just me. And with the rate that IPFilter gets updated, seems nice to know that this method of upgrading works nearly 100% of the time with very simple compile commands. Oh no... I just overlooked my commands. It should be unpack the src, make freebsd4, make install-bsd. Terribly sorry for the misinformation! -Carroll Kong To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010122124113.00bdcf00>