From: Andy Firman
To: freebsd-stable@freebsd.org
Date: Tue, 15 Mar 2005 14:58:48 -0500
Subject: Re: Can't kldload pf

On Tue, Mar 15, 2005 at 10:54:44AM +1030, Daniel O'Connor wrote:
> On Tue, 15 Mar 2005 07:46, Andy Firman wrote:
> > Hmmmm...interesting!!  Would this work for /usr/src/sys/modules/ipfilter ?
> >
> > I am having this problem:
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=70401
>
> Yes, that module makefile honours the NO_INET6 flag too.
> You might want to put it in /etc/make.conf.

That works.  I was able to build and load the module with no reboot.
So for the OP, this should apply to you with pf instead of ipfilter.

Here are some notes from doing this on my test system:

-------------------------------------------------------------------------
Found a solution to my problem.  One must add an entry to /etc/make.conf
and then you can rebuild the module, load it, and get the firewall
going with no reboot.  Below is a summary of doing this with my
TEST kernel having the INET6 option commented out.

su-3.00# kldload -v ipl
kldload: can't load ipl.ko: No such file or directory

su-3.00# uname -a
FreeBSD localhost 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Mar 14 16:08:45 EST 2005 andy@localhost:/usr/obj/usr/src/sys/TEST i386

Must add NOINET6=YES to /etc/make.conf before you make the new module.....

su-3.00# cd /usr/src/sys/modules/ipfilter/
su-3.00# make
su-3.00# make install
su-3.00# kldload -v ipl

Nothing returned, therefore loaded properly...!!!!!

su-3.00# kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 59f308   kernel
 2    1 0xc15fb000 17000    linux.ko
 3    1 0xc1670000 16000    ipl.ko

su-3.00# ipfstat -in
empty list for ipfilter(in)
su-3.00# ipfstat -on
empty list for ipfilter(out)

su-3.00# ipf -Fa -f /etc/ipf.rules

This locks up your session.  Must log in again and start a new session.....
Success upon new login, in which the rules are working!!!