From owner-freebsd-questions  Sat Jun 24  8: 0: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.hellasnet.gr (mail.hellasnet.gr [212.54.192.3])
	by hub.freebsd.org (Postfix) with ESMTP id 5BACB37B529
	for <freebsd-questions@FreeBSD.ORG>; Sat, 24 Jun 2000 08:00:00 -0700 (PDT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from hades.hell.gr (ppp2.patr.hellasnet.gr [212.54.197.17])
	by mail.hellasnet.gr (8.9.1/8.9.1) with ESMTP id QAA16408;
	Sat, 24 Jun 2000 16:58:58 +0200 (GMT)
Received: (from charon@localhost)
	by hades.hell.gr (8.10.2/8.10.2) id e5OEuOL00609;
	Sat, 24 Jun 2000 17:56:24 +0300 (EEST)
Date: Sat, 24 Jun 2000 17:56:24 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Joel Eusebio <joel@tilapia.pang.pworld.net.ph>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw
Message-ID: <20000624175624.C459@hades.hell.gr>
References: <Pine.LNX.3.95.1000624044604.6469A-100000@tilapia.pang.pworld.net.ph>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.LNX.3.95.1000624044604.6469A-100000@tilapia.pang.pworld.net.ph>; from joel@tilapia.pang.pworld.net.ph on Sat, Jun 24, 2000 at 04:54:51AM +0000
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jun 24, 2000 at 04:54:51AM +0000, Joel Eusebio wrote:
> I still can't make ipfw work on my 4-0 box. I tried to recompile my
> kernel but still I see errors when I run ipfw manually. I still get
> ipfw: setsockopt (IP_FW_ADD) protocol not available errors.Do I have
> to include additional lines in /conf/GENERIC before I recompile??? If
> so what lines do I have to add??? I really need help

You probably forgot to include IPFIREWALL support in your kernel.  An
easy way to check this is:

        % sysctl -a | grep fw

and see if you get the sysctl knobs for ipfw printed out.  I do not use
ipfw, but I can see that ipfilter is included in my kernel by doing:

        % sysctl -a | grep ipf
        net.inet.ipf.fr_flags: 0
        net.inet.ipf.fr_pass: 514
        ...
        net.inet.ipf.fr_defaultauthage: 600

To include ipfw(8) support in your kernel, add the IPFIREWALL options:

        options         IPFIREWALL

Other options that /sys/i386/conf/LINT contains and you might like
include the following:

        options         IPFIREWALL_VERBOSE
        options         IPFIREWALL_FORWARD
        options         "IPFIREWALL_VERBOSE_LIMIT=100"
        options         IPFIREWALL_DEFAULT_TO_ACCEPT
	options         DUMMYNET


Add these to your configuration file, recompile the kernel, install it,
reboot, and you're ready to use ipfw(8).  If you are doing this from a
remote connection, then before rebooting, edit /etc/rc.conf and your
firewall rules to make sure you're not trapped `outside' by your own
ipfw firewall.  [ Setting up a firewall for the first time from a remote
location is *never* a good idea, but I couldn't resist the temptation to
remind you of this. ]

Ciao.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public key: finger keramida@ceid.upatras.gr


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message