IPFilter & FreeBSD-10.1

Odhiambo Washington odhiambo at gmail.com
Wed Jan 21 05:45:51 UTC 2015 

Hi Ben,

Thanks for this. I actually read this bit of it having been updated to
version 5.1.2 in FreeBSD 10.0.

However, my problem emanated from the fact that rules that I use on
FreeBSD-8.4/9.3 simply could not work on 10.1

I simply carried the rules over, and did not compile a custom kernel on
10.1. I was believing that the module will be automatically loaded and
rules would work. They didn't! Only 'ipf -D' would let connections to be
made from LAN PCs to my gateway PC..

Someone somewhere suggested that IPFilter was removed from 10.0, but I can
still see /boot/kernel/ipl.ko

wash at mail:~$ uname -a
FreeBSD mailhost 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11
21:02:49 UTC 2014     root at releng1.nyi.freebsd.org
:/usr/obj/usr/src/sys/GENERIC  amd64
wash at mail:~$ ls -al /boot/kernel//ipl*
-r-xr-xr-x  1 root  wheel   478792 Nov 12 00:06 /boot/kernel//ipl.ko
-r-xr-xr-x  1 root  wheel  3170296 Nov 12 00:06 /boot/kernel//ipl.ko.symbols

So what is the trick to get IPFilter to work on 10.1?

I read a post in which someone had to copy the sources from 9.x to 10.x and
recompile in order to get it to work with the rules from 9.x


On 21 January 2015 at 01:55, Ben Woods <woodsb02 at gmail.com> wrote:

> No IPFilter has not been removed in FreeBSD 10.1. It was, however updated
> to version 5.1.2 as part of FreeBSD 10.0.
>
> This can be seen in the source code here:
> https://svnweb.freebsd.org/base/head/contrib/ipfilter/
>
> Instructions on how to use IPFilter are available in the handbook here:
> https://www.freebsd.org/doc/handbook/firewalls-ipf.html
>
> What makes you think it was removed in FreeBSD 10.1?
>
>
> On Wednesday, January 21, 2015, Odhiambo Washington <odhiambo at gmail.com>
> wrote:
>
>> Was IPFilter dropped in 10.1?
>>
>> Can I still use it? Say, by compiling a custom kernel?
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>> "I can't hear you -- I'm using the scrambler."
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>
>
> --
>
> --
> From: Benjamin Woods
> woodsb02 at gmail.com
>



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

More information about the freebsd-questions mailing list