RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS
Maxim Sobolev
sobomax at portaone.com
Thu Aug 19 06:12:44 PDT 2004
I am not talking about pf, but about IPFIREWALL (aka ipfw). They are
different beasts.
-Maxim
Rob MacGregor wrote:
> On Thursday, August 19, 2004 1:33 PM, Maxim Sobolev <> danced on the keyboard
> and produced:
>
>>After recent changes I am unable to compile RELENG_5 kernel (and
>>probably HEAD as well, but I have not tested it) with IPFIREWALL but
>>without PFIL_HOOKS. Neither manpage, nor NOTES lists PFIL_HOOKS as a
>>requirement for IPFIREWALL. Please fix.
>
>
>>From /usr/src/UPDATING:
>
> 20040308:
> The packet filter (pf) is now installed with the base system. Make
> sure to run mergemaster -p before installworld to create required
> user account ("proxy"). If you do not want to build pf with your
> system you can use the NO_PF knob in make.conf.
> Also note that pf requires "options PFIL_HOOKS" in the kernel. The
> pf system consists of the following three devices:
> device pf # required
> device pflog # optional
> device pfsync # optional
>
More information about the freebsd-current
mailing list