documentation about enabling IPFW
m.seaman at infracaninophile.co.uk
Tue Feb 9 17:16:07 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 09/02/2010 16:36, Steve Bertrand wrote:
> Robert Huff wrote:
>> Can someone affirmatively verify that this part (30.6.1) of the
>> Handbook is correct? Particularly the last sentence.
>> IPFW is included in the basic FreeBSD install as a
>> separate run time loadable module. The system will
>> dynamically load the kernel module when the rc.conf
>> statement firewall_enable="YES" is used. There is no need
>> to compile IPFW into the FreeBSD kernel unless NAT
>> functionality is desired.
> Yes, it is correct.
> You can also load during runtime:
> # kldload ipfw.ko
That' not really the issue with what the quoted paragraph says.
Enabling ipfw functionality by loading a kernel module is not under
contention. The question is about ipfw+NAT. That paragraph says you
have to compile ipfw into the kernel to use ipfw+NAT, however on a
RELENG_8 system (at least) there's a loadable ipfw_nat.ko module.
Which very much implies you *don't* need to compile ipfw into the
kernel for ipfw+NAT nowadays.
I think that last part is out of date for recent releases where 'kernel
nat' is supported, but I'd ask again on freebsd-ipfw@ or freebsd-net@ to
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the freebsd-questions