Date: Thu, 10 Jul 2014 14:49:58 +0200 From: Mark Martinec <Mark.Martinec+freebsd@ijs.si> To: freebsd-pf@freebsd.org Subject: Re: Future of pf in FreeBSD ? - does it have one ? Message-ID: <53BE8BF6.809@ijs.si> In-Reply-To: <53BE6EC5.3060605@ijs.si> References: <53BC717C.9080108@com.jkkn.dk> <53BD38C4.4050100@ijs.si> <CAPBZQG0VsTEciw2rz%2BvAKMgcG8n4nqp7kKQRfSdx%2BfQ%2B2h_xbQ@mail.gmail.com> <53BE6EC5.3060605@ijs.si>
next in thread | previous in thread | raw e-mail | index | archive | help
me wrote: > It compiles just fine, but can't be loaded or run. > If memory serves, pf kernel module loads fine but pfctl fails, > and the ipfw kernel module can't be loaded at all. Will need > to re-run this experiment to make sure, and will report back. Updating my statement after checking with release/10.0 kernel, rebuilt with: include GENERIC options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ options ALTQ_NOPCC makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT=" nooptions INET So, the pf does indeed load and run, but states that ALTQ is not available. Tried some simple rules and appears ok, although some rules are not liked, e.g.: set skip on lo0 produces: # pfctl -f /etc/pf.conf No ALTQ support in kernel ALTQ related functions disabled pfctl: socket: Address family not supported by protocol family The ipfw is another story. Seems the module ipfw.ko is not built at all, although there is a ipfw_nat.ko : # ls -c1 /boot/kernel/*ipfw* /boot/kernel/ipfw_nat.ko /boot/kernel/ipfw_nat.ko.symbols /boot/kernel/ng_ipfw.ko /boot/kernel/ng_ipfw.ko.symbols Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53BE8BF6.809>