From owner-freebsd-questions  Fri Jul  5 23: 2:51 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A3B1537B400
	for <freebsd-questions@FreeBSD.ORG>; Fri,  5 Jul 2002 23:02:47 -0700 (PDT)
Received: from andrsn.stanford.edu (andrsn.Stanford.EDU [171.66.112.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6958443E31
	for <freebsd-questions@FreeBSD.ORG>; Fri,  5 Jul 2002 23:02:47 -0700 (PDT)
	(envelope-from andrsn@andrsn.stanford.edu)
Received: from localhost (localhost.stanford.edu [127.0.0.1])
	by andrsn.stanford.edu (8.11.6/8.11.6) with ESMTP id g6660uw54858;
	Fri, 5 Jul 2002 23:00:56 -0700 (PDT)
	(envelope-from andrsn@andrsn.stanford.edu)
Date: Fri, 5 Jul 2002 23:00:56 -0700 (PDT)
From: Annelise Anderson <andrsn@andrsn.stanford.edu>
To: Chris Pepper <pepper@reppep.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Loading ipfw.kld?
In-Reply-To: <a05200101b94c277bc395@[64.81.19.109]>
Message-ID: <Pine.BSF.4.10.10207052252520.54821-100000@andrsn.stanford.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, 6 Jul 2002, Chris Pepper wrote:

> 	I'm trying to update 
> doc/en_US.ISO8859-1/books/handbook/firewalls.html. It claims that a 
> kernel recompile is required, and I've been told IPFW can run from a 
> kld.
> 
> 	I'd like to add the procedure to load the kld, but don't know 
> what to say. Is it automatic, and one just sets firewall_enable="YES" 
> in /etc/rc.conf, or is something required in boot.conf or loader.conf?
> 
> 
> 						Thanks,
> 
> 
> 						Chris Pepper
> 
It loads like any other module.  The problem last I heard is that the
module does not include IPDIVERT, which needs to be compiled into the
kernel in order to run natd, and many people set up ipfw and natd for
the purpose of using FreeBSD as a gateway through which other computers
on a lan go for their Internet connection.

If all computers on the lan have their own routable IP addresses, they
don't need network address translation, and thus the ipfw.kld will do.

Whether ipfw.kld loads automatically when a firewall is enabled in
rc.conf if ipfw is not already in the kernel -- I'm not sure.  

	Annelise

-- 
Annelise Anderson
Author of: 		 FreeBSD: An Open-Source Operating System for Your PC
Available from:	 BSDmall.com and amazon.com
Book Website:    http://www.bittreepress.com/FreeBSD/introbook/	




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message