From owner-freebsd-stable Mon Jan 22 8:53:25 2001 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.hcvlny.cv.net (mx1.hcvlny.cv.net [167.206.112.76]) by hub.freebsd.org (Postfix) with ESMTP id CDBB537B402 for ; Mon, 22 Jan 2001 08:53:07 -0800 (PST) Received: from s1.optonline.net (s1.optonline.net [167.206.112.6]) by mx1.hcvlny.cv.net (8.10.2/8.10.2) with ESMTP id f0MGr7i21715; Mon, 22 Jan 2001 11:53:07 -0500 (EST) Received: from optonline.net (ool-18be012f.dyn.optonline.net [24.190.1.47]) by s1.optonline.net (8.10.2/8.10.2) with ESMTP id f0MGr6u28444; Mon, 22 Jan 2001 11:53:07 -0500 (EST) Message-ID: <3A6C6572.DF137C54@optonline.net> Date: Mon, 22 Jan 2001 11:53:06 -0500 From: trini0 X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Carroll Kong , FreeBSD Stable Subject: Re: Ipfilter version in stable... References: <4.2.2.20010122101435.00bdaf00@netmail.home.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Very interesting. I came across that ftp problem, and was considering upping to 3.4.16, but I didn't want to go through the rebuilding of ipfilter everytime I upgrade FBSD. I quickly glanced at the man page for loader.conf and it seems that you can have modules & flags set in the file. So I just got to check on the rest of ipfilter, and see if ipnat, and ipmon can be modules. So is performance good using the module route instead of putting it in the kernel?? Carroll Kong wrote: > At 10:35 AM 1/22/01 +0100, Maikel Verheijen wrote: > >Hi all! > > > >Does anyone know when there will be a new version of ipfilter be integrated > >in FreeBSD-stable? The one in FreeBSD (v3.4.8) still has a bug when natting > >active ftp connections. > > > >Of course I can install the newest ipfilter, but I don't want to recompile > >and install it after each buildworld + installworld :) > > > > > >TIA, > >Maikel Verheijen. > > I had the same thoughts as you exactly, however, there is a better > way. Seems like FreeBSD is more "modular" now, and IPfilter benefits from > this as well. > > Unpack the src, make freebsd4, make minstall; Add > > ipf_load="YES" > > to /boot/loader.conf. Make sure IPFILTER is no longer in the kernel. (or > else it will load up twice). This seems to expedite the upgrade procedure > significantly. > > -Carroll Kong > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- _____________________________ | trini0 | | | / ) | Systems Administrator | / / | Network Engineer | ( ( | email ==> | (((\ \> |/ ) trini0@optonline.net | (\\\\ \_/ /_________________________| \ / \ _/ / / / / To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message