From owner-freebsd-questions@FreeBSD.ORG Tue Mar 15 19:53:50 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5670116A4CE for ; Tue, 15 Mar 2005 19:53:50 +0000 (GMT) Received: from sockeye.firmanix.com (sockeye.firmanix.com [216.127.139.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00E8443D2F for ; Tue, 15 Mar 2005 19:53:50 +0000 (GMT) (envelope-from andy@firman.us) Received: from andy by sockeye.firmanix.com with local (Exim 4.44 (FreeBSD)) id 1DBI6y-000I8q-1O for freebsd-questions@freebsd.org; Tue, 15 Mar 2005 14:53:52 -0500 Date: Tue, 15 Mar 2005 14:53:52 -0500 From: Andy Firman To: freebsd-questions@freebsd.org Message-ID: <20050315195351.GA69547@sockeye.firmanix.com> References: <20050314194504.GA52623@sockeye.firmanix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050314194504.GA52623@sockeye.firmanix.com> User-Agent: Mutt/1.4.2.1i Subject: Re: need help getting around kern/70401 so I can load ipl.ko (SOLVED) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andy Firman List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2005 19:53:50 -0000 On Mon, Mar 14, 2005 at 02:45:04PM -0500, Andy Firman wrote: > I have not been able to get ipfilter working on a system and > it is because I don't have INET6 in my custom kernel, and therefore > the system cannot load the ipl.ko module. Here is the issue: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=70401 > Found a solution to my problem. One must add an entry to /etc/make.conf and then you can rebuild the module, load it, and get the firewall going with no reboot. Below is a summary of doing this with my TEST kernel having the INET6 option commented out. ------------------------------------------------------------------------- su-3.00# kldload -v ipl kldload: can't load ipl.ko: No such file or directory su-3.00# uname -a FreeBSD localhost 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Mar 14 16:08:45 EST 2005 andy@localhost:/usr/obj/usr/src/sys/TEST i386 must add NOINET6=YES to /etc/make.conf before you make the new module..... su-3.00# cd /usr/src/sys/modules/ipfilter/ su-3.00# make su-3.00# make install su-3.00# kldload -v ipl Nothing returned to therefore loaded properly...!!!!! su-3.00# kldstat Id Refs Address Size Name 1 6 0xc0400000 59f308 kernel 2 1 0xc15fb000 17000 linux.ko 3 1 0xc1670000 16000 ipl.ko su-3.00# ipfstat -in empty list for ipfilter(in) su-3.00# ipfstat -on empty list for ipfilter(out) su-3.00# ipf -Fa -f /etc/ipf.rules This locks up your session. Must login again and start new session..... Success upon new login in which the rules are working!!!