From owner-freebsd-questions@FreeBSD.ORG Mon Feb 7 16:09:07 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF9E916A4CE for ; Mon, 7 Feb 2005 16:09:07 +0000 (GMT) Received: from smartwall.thebeaconjournal.com (smartwall.thebeaconjournal.com [67.17.216.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 432E943D2F for ; Mon, 7 Feb 2005 16:09:07 +0000 (GMT) (envelope-from jim0266@yahoo.com) Received: from bea-trend.thebeaconjournal.com (bea-trend [10.213.0.19]) j17Ff82N009124 for ; Mon, 7 Feb 2005 10:41:09 -0500 (EST) Received: from bea-mx.thebeaconjournal.com ([10.213.0.2]) by Suite; Mon, 07 Feb 2005 11:24:21 -0500 Received: from spike ([10.213.8.154]) by bea-mx.thebeaconjournal.com (Netscape Messaging Server 4.15) with ESMTP id IBJUIS00.CDG; Mon, 7 Feb 2005 11:16:04 -0500 Received: from [192.168.0.3] (jim [192.168.0.3])by spike (Postfix) with ESMTP id 32DF71F37;Mon, 7 Feb 2005 11:08:57 -0500 (EST) Mime-Version: 1.0 Message-Id: In-Reply-To: <20050207071352.GA4807@xor.obsecurity.org> References: <20050207071352.GA4807@xor. obsecurity.org> Date: Mon, 7 Feb 2005 11:08:54 -0500 To: "Kris Kennaway" From: Jim Arnold Content-Type: text/plain; charset=us-ascii; format=flowed X-imss-version: 2.012 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:20 M:2 S:5 R:5 X-imss-settings: Baseline:3 C:3 M:3 S:3 R:3 (0.5000 1.5000) cc: freebsd-questions@freebsd.org Subject: Re: IP Filter changes in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Feb 2005 16:09:08 -0000 >On Mon, Feb 07, 2005 at 12:24:09AM -0500, Jim Arnold wrote: >> I updated my firewall that is using IPF. I went from FreeBSD 4.7 >> stable to 4.11 stable. When using 4.7 stable I only had this is my >> rc.conf file: >> >> ipfilter_enable="YES" >> ipfilter_program="/sbin/ipf" >> ipfilter_rules="/etc/ipf.conf" >> ipfilter_flags="" >> >> When I went to 4.11 stable I had to uncomment these options in my >> kernel config file: >> >> options IPFILTER >> options IPFILTER_LOG >> >> I'm just curious why it worked without the above options in my kernel >> for 4.7 and I had to have them in 4.11? > >If you don't have it in your kernel, the module will be loaded at boot >time if it's available. If you don't have the module either, you >can't use ipfilter. I must have been using the module with 4.7 stable since I did not have that in the kernel I was running with 4.7. After I upgraded to 4.11 and IPF was not working I edited my kernel config file to uncomment the lines for IPF and then compiled the new kernel. I still don't have an answer why this happened. Was the module taken out of 4.11 or an earlier version on FreeBSD? I'm just curious as a learning experience what went on in my situation. Thanks, Jim