Date:      Sat, 24 Jun 2000 17:56:24 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Joel Eusebio <joel@tilapia.pang.pworld.net.ph>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw
Message-ID:  <20000624175624.C459@hades.hell.gr>
In-Reply-To: <Pine.LNX.3.95.1000624044604.6469A-100000@tilapia.pang.pworld.net.ph>; from joel@tilapia.pang.pworld.net.ph on Sat, Jun 24, 2000 at 04:54:51AM +0000
References:  <Pine.LNX.3.95.1000624044604.6469A-100000@tilapia.pang.pworld.net.ph>

On Sat, Jun 24, 2000 at 04:54:51AM +0000, Joel Eusebio wrote:
> I still can't make ipfw work on my 4-0 box. I tried to recompile my
> kernel but still I see errors when I run ipfw manually. I still get
> ipfw: setsockopt (IP_FW_ADD) protocol not available errors. Do I have
> to include additional lines in /conf/GENERIC before I recompile??? If
> so what lines do I have to add??? I really need help

You probably forgot to include IPFIREWALL support in your kernel.  An
easy way to check this is:

        % sysctl -a | grep fw

and see if you get the sysctl knobs for ipfw printed out.  I do not use
ipfw, but I can see that ipfilter is included in my kernel by doing:

        % sysctl -a | grep ipf
        net.inet.ipf.fr_flags: 0
        net.inet.ipf.fr_pass: 514
        ...
        net.inet.ipf.fr_defaultauthage: 600

To include ipfw(8) support in your kernel, add the IPFIREWALL options:

        options         IPFIREWALL

Other options that /sys/i386/conf/LINT contains and you might like
include the following:

        options         IPFIREWALL_VERBOSE
        options         IPFIREWALL_FORWARD
        options         "IPFIREWALL_VERBOSE_LIMIT=100"
        options         IPFIREWALL_DEFAULT_TO_ACCEPT
        options         DUMMYNET


Add these to your configuration file, recompile the kernel, install it,
reboot, and you're ready to use ipfw(8).  If you are doing this from a
remote connection, then before rebooting, edit /etc/rc.conf and your
firewall rules to make sure you're not trapped `outside' by your own
ipfw firewall.  [ Setting up a firewall for the first time from a remote
location is *never* a good idea, but I couldn't resist the temptation to
remind you of this. ]

Ciao.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public key: finger keramida@ceid.upatras.gr
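
The pre-reboot check recommended in the message above can be scripted. The following is an added example, not part of the original e-mail: it reads a kernel configuration file and an rc.conf and reports whether the new kernel would boot with ipfw's built-in default-deny rule and no ruleset loaded. The file name MYKERNEL, the verdict words, and the use of the rc.conf knobs firewall_enable and firewall_type (which the message does not name) are assumptions of this example, and the sample files are constructed.

```sh
#!/bin/sh
# Pre-reboot lockout check for a kernel config file and an rc.conf (added example).

# has_option FILE NAME: true if FILE has an uncommented "options NAME" line;
# NAME may be quoted and carry =value, as IPFIREWALL_VERBOSE_LIMIT does in LINT.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+\"?$2(=[^\"[:space:]]*)?\"?([[:space:]]|#|\$)" "$1"
}

# rc_value FILE VAR: print the last value assigned to VAR (last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# check_lockout KERNCONF RCCONF: print one verdict word.
check_lockout() {
    has_option "$1" IPFIREWALL || { echo NO_IPFW; return 0; }
    # Without this option the built-in last rule denies every packet.
    has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT && { echo DEFAULT_ACCEPT; return 0; }
    case "$(rc_value "$2" firewall_enable)" in
        [Yy][Ee][Ss]) ;;
        *) echo LOCKOUT_RISK; return 0 ;;   # no rules loaded at boot
    esac
    case "$(rc_value "$2" firewall_type)" in
        ''|UNKNOWN|closed) echo LOCKOUT_RISK ;;   # nothing, or loopback only
        *) echo RULESET_CONFIGURED ;;             # still review the rules yourself
    esac
}

# Constructed sample files (not from the original message).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'machine         i386' 'options         INET' \
        'options         IPFIREWALL' 'options         IPFIREWALL_VERBOSE' \
        'options         "IPFIREWALL_VERBOSE_LIMIT=100"' \
        '#options        IPFIREWALL_DEFAULT_TO_ACCEPT' > "$d/MYKERNEL"
    printf '%s\n' 'hostname="box.example.org"' 'firewall_enable="NO"' > "$d/rc.conf"
    check_lockout "$d/MYKERNEL" "$d/rc.conf"      # default deny, no ruleset
    printf '%s\n' 'firewall_enable="YES"' 'firewall_type="open"' >> "$d/rc.conf"
    check_lockout "$d/MYKERNEL" "$d/rc.conf"      # ruleset loaded at boot
    rm -rf "$d"
}
demo
```

RULESET_CONFIGURED only means a ruleset will be loaded at boot; whether that ruleset admits the remote session still has to be read from the rules themselves.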

