ipfw2 broken
Ruslan Ermilov
ru at freebsd.org
Thu Aug 19 01:56:07 PDT 2004
On Wed, Aug 18, 2004 at 07:03:47PM -0700, Sean McNeil wrote:
> How do I get the ipfw2 module to compile with divert? It doesn't
> recognize the following in my config file when building the module:
>
> options IPFIREWALL_FORWARD
> options IPDIVERT
>
> Also, the /etc/rc.d/ipfw script is looking for an invalid sysctl var:
>
> net.inet.ip.fw.enable
>
> and it will fail if I have the IPFIREWALL option which compiles the code
> into the kernel because it will try to load and return 1 on a failure.
>
> This is an amd64 system.
>
Modules build is decoupled from header files produced by config(8) except
for opt_global.h, and this one doesn't have firewall options. If you
need firewall with divert(4) sockets, you have to compile it statically
into your kernel.
Alternatively, you can compile your kernel with ``options IPDIVERT''
and compile the ipfw module with ipdivert support by modifying the
src/sys/modules/ipfw/Makefile to add -DIPDIVERT to CFLAGS.
Cheers,
--
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040819/2cfa0ff9/attachment.bin
More information about the freebsd-current
mailing list