IP Filter on FreeBSD 5.2.1

Paul Mather paul at gromit.dlib.vt.edu
Tue Sep 7 23:43:30 PDT 2004

On Wed, 2004-09-08 at 02:12, Wayne Pascoe wrote:
> On Tue, Sep 07, 2004 at 05:50:59PM -0400, Paul Mather wrote:
> > 20030925:
> > 	Configuring a system to use IPFILTER now requires that PFIL_HOOKS
> > 	also be explicitly configured.  Previously this dependency was
> > 	magically handled through some cruft in net/pfil.h; but that has
> > 	been removed.  Building a kernel with IPFILTER but not PFIL_HOOKS
> > 	will fail with obtuse errors in ip_fil.c.
> > 
> > 
> > (It's a good idea to look in /usr/src/UPDATING before updating your
> > system.)
> Fair enough - to a point. I only look for things that apply to my
> system when reading UPDATING... things that have changed since my last
> update. In September 2003, I wouldn't have read the ipfilter related
> stuff, because I wasn't using ipfilter at that time.

But it's always a good rule of thumb that when faced with a kernel/world
build failure to go back and take a closer look through UPDATING for
something you might have missed.  It could be argued that this would
also apply if you were enabling a feature (or adding a piece of
hardware) not previously used before.

> I'm sure someone won't mind including a single line in a howto because
> that then turns it into a definitive reference, that doesn't require
> referencing two locations.

I believe I misunderstood your original posting.  I'd thought you were
going to apprise the FreeBSD developer responsible for ipfilter that
people should be told they needed the PFIL_HOOKS option.  From the
above, it appears it's the howto author that is the intended recipient. 
Mea culpa!

The unfortunate thing about "definitive references," though, is that
when push comes to shove, UPDATING will take precedence.  In the case of
PFIL_HOOKS, it has vanished as an option under 6.0-CURRENT (though it
was present for a while, IIRC)...
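
An added example, not part of the original message: a pre-build check for the dependency in the UPDATING entry quoted above, reporting a kernel config that sets IPFILTER without PFIL_HOOKS. The function names and the sample config are constructed for illustration, and the check only applies to source trees where PFIL_HOOKS still exists as an option.

```shell
#!/bin/sh
# Added example (not from the thread): detect a kernel config that enables
# IPFILTER without PFIL_HOOKS, per the 20030925 entry in /usr/src/UPDATING.

# has_option FILE NAME -> exit 0 if "options NAME" (or NAME=value) appears
# outside a comment. The match is on the exact name, so IPFILTER_LOG does
# not count as IPFILTER.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/,/, " ") }  # drop comments; commas as separators
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                name = $i
                sub(/=.*/, "", name)        # strip "=value"
                if (name == want) found = 1
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_ipf_config FILE -> 0 if consistent, 1 if IPFILTER lacks PFIL_HOOKS.
check_ipf_config() {
    if has_option "$1" IPFILTER && ! has_option "$1" PFIL_HOOKS; then
        echo "$1: options IPFILTER set without options PFIL_HOOKS" >&2
        return 1
    fi
    return 0
}

# Constructed sample config: PFIL_HOOKS is present only as a comment.
sample=$(mktemp)
printf '%s\n' \
    'ident   MYKERNEL' \
    'options IPFILTER        # packet filter' \
    'options IPFILTER_LOG' \
    '#options PFIL_HOOKS' > "$sample"
check_ipf_config "$sample" || echo "fix: add 'options PFIL_HOOKS'"
rm -f "$sample"
```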


