From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 12:50:11 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CB2DCA7B for ; Thu, 10 Jul 2014 12:50:11 +0000 (UTC) Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25]) by mx1.freebsd.org (Postfix) with ESMTP id 7E6F12736 for ; Thu, 10 Jul 2014 12:50:11 +0000 (UTC) Received: from amavis-proxy-ori.ijs.si (localhost [IPv6:::1]) by mail.ijs.si (Postfix) with ESMTP id 3h8HKR4yKJz13X for ; Thu, 10 Jul 2014 14:50:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h= content-transfer-encoding:content-type:content-type:in-reply-to :references:subject:subject:mime-version:user-agent:organization :from:from:date:date:message-id:received:received:received; s= jakla2; t=1404996599; x=1407588600; bh=NoxoxTdpJz+TKjES1eY72tFm9 BQrH2Cln2PgVdU2q3M=; b=jlwXyaIVRh3TFYXYTzMGat+Um5Kchz8Y114Qi1Xbf j7JbmWjwknD3SHAC7V0B9TN79YsplBDnwl6mrT5wdX0YkiYf6O8c0JlmpUyM87fq HK5A3j1hgr6d6uLfi9BZmIdz+79WJT+EOim1mZ9lE6eLyXaDvrSxG9Ra8XkHGKSK Rk= X-Virus-Scanned: amavisd-new at ijs.si Received: from mail.ijs.si ([IPv6:::1]) by amavis-proxy-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10012) with ESMTP id yslp9_yZGEKp for ; Thu, 10 Jul 2014 14:49:59 +0200 (CEST) Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1]) by mail.ijs.si (Postfix) with ESMTP for ; Thu, 10 Jul 2014 14:49:59 +0200 (CEST) Received: from [92.244.73.133] (vpn005.ijs.si [92.244.73.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mildred.ijs.si (Postfix) with ESMTPSA id 3h8HKM54TnzpB for ; Thu, 10 Jul 2014 14:49:59 +0200 (CEST) Message-ID: <53BE8BF6.809@ijs.si> Date: Thu, 10 Jul 2014 14:49:58 +0200 From: Mark Martinec Organization: Jozef Stefan Institute User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: Re: Future of pf in FreeBSD ? - does it have one ? References: <53BC717C.9080108@com.jkkn.dk> <53BD38C4.4050100@ijs.si> <53BE6EC5.3060605@ijs.si> In-Reply-To: <53BE6EC5.3060605@ijs.si> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2014 12:50:11 -0000 me wrote: > It compiles just fine, but can't be loaded or run. > If memory serves, pf kernel module loads fine but pfctl fails, > and the ipfw kernel module can't be loaded at all. Will need > to re-run this experiment to make sure, and will report back. Updating my statement after checking with release/10.0 kernel, rebuilt with: include GENERIC options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ options ALTQ_NOPCC makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT=" nooptions INET So, the pf does indeed load and run, but states that ALTQ is not available. Tried some simple rules and appears ok, although some rules are not liked, e.g.: set skip on lo0 produces: # pfctl -f /etc/pf.conf No ALTQ support in kernel ALTQ related functions disabled pfctl: socket: Address family not supported by protocol family The ipfw is another story. Seems the module ipfw.ko is not built at all, although there is a ipfw_nat.ko : # ls -c1 /boot/kernel/*ipfw* /boot/kernel/ipfw_nat.ko /boot/kernel/ipfw_nat.ko.symbols /boot/kernel/ng_ipfw.ko /boot/kernel/ng_ipfw.ko.symbols Mark