From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 18 09:29:09 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8491116A400;
	Tue, 18 Apr 2006 09:29:09 +0000 (UTC)
	(envelope-from dmitry@atlantis.dp.ua)
Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2C25D43D6B;
	Tue, 18 Apr 2006 09:29:07 +0000 (GMT)
	(envelope-from dmitry@atlantis.dp.ua)
Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231])
	by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k3I9Swa3069471; 
	Tue, 18 Apr 2006 12:28:58 +0300 (EEST)
	(envelope-from dmitry@atlantis.dp.ua)
Date: Tue, 18 Apr 2006 12:28:58 +0300 (EEST)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: Tod McQuillin <devin@spamcop.net>
In-Reply-To: <20060418112439.O8203@plexi.pun-pun.prv>
Message-ID: <20060418120032.P36630@atlantis.atlantis.dp.ua>
References: <71010EE4-5C3E-48D9-8634-3605CE86F8C5@allresearch.com>
	<3BE1F863-F59D-49EC-A9D4-AEF6D89C5ABD@mac.com>
	<20060418112439.O8203@plexi.pun-pun.prv>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-security@freebsd.org, freeBSD List <freebsd-questions@freebsd.org>,
	Noah Silverman <noah@allresearch.com>
Subject: Re: IPFW Problems?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2006 09:29:09 -0000


Hello!

On Tue, 18 Apr 2006, Tod McQuillin wrote:
>> Add:
>> 
>> options IPFW2
>> 
>> ...to your kernel config file and rebuild the kernel (and world also, 
>> probably).
>
> Yes, you need to rebuild the userland too, which means you also need 
> IPFW2=true in /etc/make.conf before you build world.

  It's absolutely necessary, after installation of the new kernel with
'options IPFW2', to add 'IPFW2=true' in /etc/make.conf and rebuild+reinstall
_at least_ /sbin/ipfw, then /usr/lib/libalias.* and /sbin/natd (which depends
on libalias), e.g.

cd /usr/src/sbin/ipfw
make obj && make depend all install
cd /usr/src/lib/libalias
make obj && make depend all install
cd /usr/src/sbin/natd
make obj && make depend all install

(note that natd doesn't depend on IPFW2, but links against libalias which
does, so sequence libalias -> natd is critical).

   I haven't found other parts of base OS in RELENG_4 which depend on IPFW2,
though I can miss something. Also every custom utility which utilizes 
<netinet/ip_fw.h> must also be recompiled with IPFW2 defined and rebuilt
(and those using libalias must be rebuilt).

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE