documentation about enabling IPFW
Robert Huff
roberthuff at rcn.com
Tue Feb 9 17:26:02 UTC 2010
Matthew Seaman writes:
> >> Can someone affirmatively verify that this part (30.6.1) of the
> >> Handbook is correct? Particularly the last sentence.
> >> Quote:
> >>
> >> IPFW is included in the basic FreeBSD install as a
> >> separate run time loadable module. The system will
> >> dynamically load the kernel module when the rc.conf
> >> statement firewall_enable="YES" is used. There is no need
> >> to compile IPFW into the FreeBSD kernel unless NAT
> >> functionality is desired.
> >
> > Yes, it is correct.
> >
> > You can also load during runtime:
> >
> > # kldload ipfw.ko
>
> That' not really the issue with what the quoted paragraph says.
> Enabling ipfw functionality by loading a kernel module is not under
> contention. The question is about ipfw+NAT. That paragraph says you
> have to compile ipfw into the kernel to use ipfw+NAT, however on a
> RELENG_8 system (at least) there's a loadable ipfw_nat.ko module.
> Which very much implies you *don't* need to compile ipfw into the
> kernel for ipfw+NAT nowadays.
Exactly!
Robert Huff
More information about the freebsd-questions
mailing list