From owner-freebsd-questions@FreeBSD.ORG Thu May 18 16:38:00 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 706BD16A48C for ; Thu, 18 May 2006 16:38:00 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD9E343D5E for ; Thu, 18 May 2006 16:37:51 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.pc (host5.bedc.ondsl.gr [62.103.39.229]) (authenticated bits=128) by igloo.linux.gr (8.13.6/8.13.6/Debian-1) with ESMTP id k4IGbC9P017716 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 18 May 2006 19:37:14 +0300 Received: from gothmog.pc (gothmog [127.0.0.1]) by gothmog.pc (8.13.6/8.13.6) with ESMTP id k4IGdNjW060967; Thu, 18 May 2006 19:39:23 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.pc (8.13.6/8.13.6/Submit) id k4IGdLK5060966; Thu, 18 May 2006 19:39:21 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 18 May 2006 19:39:21 +0300 From: Giorgos Keramidas To: "Michael P. Soulier" Message-ID: <20060518163921.GB60882@gothmog.pc> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.402, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.80, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: freebsd-questions@freebsd.org Subject: Re: kernel module for ipf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2006 16:38:01 -0000 On 2006-05-18 12:05, "Michael P. Soulier" wrote: > Hello, > > The handbook mentions that ipf should work out of the box in FreeBSD > thanks to a kernel module, but it doesn't say which one. > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html > > "IPF is included in the basic FreeBSD install as a separate run time > loadable module. The system will dynamically load the IPF kernel > loadable module when the rc.conf statement ipfilter_enable="YES" is > used. The loadable module was created with logging enabled and the > default pass all options. You do not need to compile IPF into the > FreeBSD kernel just to change the default to block all, you can do > that by just coding a block all rule at the end of your rule set." > > I don't see anything under /boot/kernel that looks like a likely > candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to > not reboot my system just to find out, so could someone point me to > the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. The module is called "ipl.ko": # ls -l /boot/kernel/ipl.* -r-xr-xr-x 1 root wheel - 171625 May 16 16:05 /boot/kernel/ipl.ko -r-xr-xr-x 1 root wheel - 371887 May 16 16:05 /boot/kernel/ipl.ko.symbols # Strange and weird, but this is the name the IP Filter kernel module has had for years, so it's not easy to change it now without breaking all the scripts around the world that assume its name is "ipl". - Giorgos