RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS

[Rob MacGregor]

On Thursday, August 19, 2004 1:33 PM, Maxim Sobolev <> danced on the keyboard
and produced:
> After recent changes I am unable to compile RELENG_5 kernel (and
> probably HEAD as well, but I have not tested it) with IPFIREWALL but
> without PFIL_HOOKS. Neither manpage, nor NOTES lists PFIL_HOOKS as a
> requirement for IPFIREWALL. Please fix.

>From /usr/src/UPDATING:

20040308:
        The packet filter (pf) is now installed with the base system. Make
        sure to run mergemaster -p before installworld to create required
        user account ("proxy"). If you do not want to build pf with your
        system you can use the NO_PF knob in make.conf.
        Also note that pf requires "options PFIL_HOOKS" in the kernel. The
        pf system consists of the following three devices:
        device          pf              # required
        device          pflog           # optional
        device          pfsync          # optional

-- 
 Rob | Oh my God! They killed init! You bastards!