kernel module for ipf
Giorgos Keramidas
keramida at ceid.upatras.gr
Thu May 18 09:38:01 PDT 2006
On 2006-05-18 12:05, "Michael P. Soulier" <msoulier at digitaltorque.ca> wrote:
> Hello,
>
> The handbook mentions that ipf should work out of the box in FreeBSD
> thanks to a kernel module, but it doesn't say which one.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
>
> "IPF is included in the basic FreeBSD install as a separate run time
> loadable module. The system will dynamically load the IPF kernel
> loadable module when the rc.conf statement ipfilter_enable="YES" is
> used. The loadable module was created with logging enabled and the
> default pass all options. You do not need to compile IPF into the
> FreeBSD kernel just to change the default to block all, you can do
> that by just coding a block all rule at the end of your rule set."
>
> I don't see anything under /boot/kernel that looks like a likely
> candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to
> not reboot my system just to find out, so could someone point me to
> the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel.
The module is called "ipl.ko":
# ls -l /boot/kernel/ipl.*
-r-xr-xr-x 1 root wheel - 171625 May 16 16:05 /boot/kernel/ipl.ko
-r-xr-xr-x 1 root wheel - 371887 May 16 16:05 /boot/kernel/ipl.ko.symbols
#
Strange and weird, but this is the name the IP Filter kernel module
has had for years, so it's not easy to change it now without breaking
all the scripts around the world that assume its name is "ipl".
- Giorgos
More information about the freebsd-questions
mailing list