From owner-freebsd-questions@FreeBSD.ORG Tue Sep 7 21:51:24 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 014E016A4CE
	for ; Tue, 7 Sep 2004 21:51:24 +0000 (GMT)
Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.49.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A31E043D2D
	for ; Tue, 7 Sep 2004 21:51:23 +0000 (GMT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from hawkwind.Chelsea-Ct.Org (pool-151-199-91-61.roa.east.verizon.net [151.199.91.61])
	by gromit.dlib.vt.edu (8.12.11/8.12.11) with ESMTP id i87LpAZX006049
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 7 Sep 2004 17:51:12 -0400 (EDT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from [192.168.1.25] (zappa [192.168.1.25])i87Loxs3007137;
	Tue, 7 Sep 2004 17:51:05 -0400 (EDT)
From: Paul Mather
To: Wayne Pascoe
In-Reply-To: <20040907212731.EEB2916A4E8@hub.freebsd.org>
References: <20040907212731.EEB2916A4E8@hub.freebsd.org>
Content-Type: text/plain
Message-Id: <1094593858.12931.15.camel@zappa.Chelsea-Ct.Org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6
Date: Tue, 07 Sep 2004 17:50:59 -0400
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: IP Filter on FreeBSD 5.2.1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 07 Sep 2004 21:51:24 -0000

On Tue, 7 Sep 2004 22:12:23 +0100, Wayne Pascoe wrote:

> On Tue, Sep 07, 2004 at 08:07:34PM +0200, Remko Lodder wrote:
> >
> > I think you missed this option:
> >
> > options 	PFIL_HOOKS		# pfil(9) framework
> >
> > in your kernel config file..
> >
> > Try it and see its magic ;)
>
> Thanks a bunch - that did the trick. I've checked the doc I used to do
> this, and it wasn't mentioned. I'll submit something to the maintainer
> tomorrow.

The maintainer is likely to direct you to this entry in 5.2.1's
/usr/src/UPDATING:

20030925:
	Configuring a system to use IPFILTER now requires that PFIL_HOOKS
	also be explicitly configured.  Previously this dependency was
	magically handled through some cruft in net/pfil.h; but that has
	been removed.  Building a kernel with IPFILTER but not PFIL_HOOKS
	will fail with obtuse errors in ip_fil.c.

(It's a good idea to look in /usr/src/UPDATING before updating your
system.)

Cheers,

Paul.
-- 
e-mail: paul@gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa
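
Added example (not part of the message above or of the FreeBSD sources): a pre-build check for the dependency the UPDATING entry describes, which flags a kernel config file that enables IPFILTER without PFIL_HOOKS before the build fails in ip_fil.c. The function name `check_ipfilter_deps` and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# check_ipfilter_deps FILE  (hypothetical helper name)
# Exit status: 0 = consistent, 1 = IPFILTER enabled without PFIL_HOOKS,
#              2 = config file not readable.
check_ipfilter_deps() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }        # drop comments, so "#options PFIL_HOOKS" does not count
        $1 == "options" {
            rest = $0
            sub(/^[ \t]*options[ \t]+/, "", rest)
            gsub(/[ \t]/, "", rest)
            n = split(rest, opts, ",")          # tolerate "options A, B" lists
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", opts[i])         # strip any "=value" part
                seen[opts[i]] = 1
            }
        }
        END {
            if (("IPFILTER" in seen) && !("PFIL_HOOKS" in seen)) exit 1
            exit 0
        }
    ' "$conf"
}

# Constructed sample configs, written to a temp dir so the script runs anywhere.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'options\t\tIPFILTER\noptions\t\tIPFILTER_LOG\n#options\tPFIL_HOOKS\n' > "$tmp/BROKEN"
printf 'options\t\tIPFILTER\noptions\t\tPFIL_HOOKS\t# pfil(9) framework\n' > "$tmp/FIXED"

for k in BROKEN FIXED; do
    if check_ipfilter_deps "$tmp/$k"; then
        echo "$k: ok"
    else
        echo "$k: IPFILTER set without PFIL_HOOKS (see UPDATING 20030925)"
    fi
done
```

The check reads a single file only; options pulled in from another config via an include are not followed.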