From owner-freebsd-questions@FreeBSD.ORG Wed Sep 8 02:30:52 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 99B9716A4CE for ; Wed, 8 Sep 2004 02:30:52 +0000 (GMT) Received: from mta13.adelphia.net (mta13.mail.adelphia.net [68.168.78.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A38643D58 for ; Wed, 8 Sep 2004 02:30:52 +0000 (GMT) (envelope-from Barbish3@adelphia.net) Received: from barbish ([67.20.101.71]) by mta13.adelphia.net (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with SMTP id <20040908023051.RYKF24693.mta13.adelphia.net@barbish>; Tue, 7 Sep 2004 22:30:51 -0400 From: "JJB" To: "David Syphers" , Date: Tue, 7 Sep 2004 22:30:50 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <200409071738.19710.dsyphers@u.washington.edu> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Subject: RE: 5.3 & ipfilter X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Barbish3@adelphia.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Sep 2004 02:30:52 -0000 owner-freebsd-questions@freebsd.org wrote: > On Tuesday 07 September 2004 05:03 pm, fbsd_user wrote: >> Is there still a loadable module that gets auto loaded at boot time >> when rc.conf contains the ipfilter_enable="YES" statement like in >> 4.10? > > ipfilter_enable is still an option in rc.conf. > >> Will the final stable version still need kernel option PFIL_HOOKS >> added to the other ipfilter kernel options to compile ipfilter into >> the kernel like in the 5.2 and 5.2.1 development versions or will >> 5.3 return to the way 4.10 worked (IE no PFIL_HOOKS option needed)? > > I'm not sure, but 5.3-BETA3 does require PFIL_HOOKS. The change made > to -CURRENT to always include PFIL_HOOKS (and thus remove it as a > kernel option) was made after RELENG_5 was branched, and the commit > log doesn't mention merging that change to RELENG_5. > > -David David Thanks for your reply. But you did not answer my first question. I did not ask if ipfilter_enable="YES" was still valid in 5.3, but if the ipfilter bootable module is still included in 5.3 and auto loaded by the ipfilter_enable="YES" in rc.conf? Since 5.3 is currently going through the weekly testing cycle as prep for becoming stable I would think this is the appropriate time to submit a 5.3 bug report to change the default kernel source so it contains the PFIL_HOOKS.