From owner-freebsd-questions@FreeBSD.ORG Thu May 18 16:05:04 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F05816A655 for ; Thu, 18 May 2006 16:05:04 +0000 (UTC) (envelope-from msoulier@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6CEF243D72 for ; Thu, 18 May 2006 16:05:01 +0000 (GMT) (envelope-from msoulier@gmail.com) Received: by ug-out-1314.google.com with SMTP id m3so524415uge for ; Thu, 18 May 2006 09:05:00 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=OEqQuZJ5Uy79ucppHYHcyAVmkekPdnb0ZUi1GuYrOTsW3zvZrxfgDs8CtjhdPeqFpmVxb58miQyi3cfSqDd5KK1MOo/orAuCtRf3KDWy/7n/iKTFe6GFt5mZQLCS8u6ZxcBsbK8LVvHFhK7s8gwy9jPcDI91mA6le50dRNNNjOs= Received: by 10.78.43.1 with SMTP id q1mr378584huq; Thu, 18 May 2006 09:05:00 -0700 (PDT) Received: by 10.78.53.2 with HTTP; Thu, 18 May 2006 09:05:00 -0700 (PDT) Message-ID: Date: Thu, 18 May 2006 12:05:00 -0400 From: "Michael P. Soulier" Sender: msoulier@gmail.com To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: a58fc8d99edc07b1 Subject: kernel module for ipf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2006 16:05:04 -0000 Hello, The handbook mentions that ipf should work out of the box in FreeBSD thanks to a kernel module, but it doesn't say which one. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html "IPF is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the IPF kernel loadable module when the rc.conf statement ipfilter_enable="YES" is used. The loadable module was created with logging enabled and the default pass all options. You do not need to compile IPF into the FreeBSD kernel just to change the default to block all, you can do that by just coding a block all rule at the end of your rule set." I don't see anything under /boot/kernel that looks like a likely candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to not reboot my system just to find out, so could someone point me to the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. Thanks, Mike -- Michael P. Soulier "Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." --Albert Einstein