Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 09 Feb 2010 17:15:59 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Steve Bertrand <steve@ibctech.ca>
Cc:        Robert Huff <roberthuff@rcn.com>, questions@freebsd.org
Subject:   Re: documentation about enabling IPFW
Message-ID:  <4B71984F.1050609@infracaninophile.co.uk>
In-Reply-To: <4B718F2A.8060801@ibctech.ca>
References:  <19313.36357.907425.293700@jerusalem.litteratus.org> <4B718F2A.8060801@ibctech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/02/2010 16:36, Steve Bertrand wrote:
> Robert Huff wrote:
>> 	Can someone affirmatively verify that this part (30.6.1) of the
>> Handbook is correct?  Particularly the last sentence.
>> 	Quote:
>>
>> 		IPFW is included in the basic FreeBSD install as a
>> 		separate run time loadable module. The system will
>> 		dynamically load the kernel module when the rc.conf
>> 		statement firewall_enable="YES" is used. There is no need
>> 		to compile IPFW into the FreeBSD kernel unless NAT
>> 		functionality is desired.
> 
> Yes, it is correct.
> 
> You can also load during runtime:
> 
> # kldload ipfw.ko

That' not really the issue with what the quoted paragraph says.
Enabling ipfw functionality by loading a kernel module is not under
contention.  The question is about ipfw+NAT.  That paragraph says you
have to compile ipfw into the kernel to use ipfw+NAT, however on a
RELENG_8 system (at least) there's a loadable ipfw_nat.ko module.
Which very much implies you *don't* need to compile ipfw into the
kernel for ipfw+NAT nowadays.

I think that last part is out of date for recent releases where 'kernel
nat' is supported, but I'd ask again on freebsd-ipfw@ or freebsd-net@ to
be certain.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktxmE8ACgkQ8Mjk52CukIxQpQCfdkppTJqzhQyO6GkogHZtj+Yb
SfAAn1xAMKrRBWtC3ma/B3kylPlkOUjH
=ydlB
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B71984F.1050609>