From owner-freebsd-questions@FreeBSD.ORG Thu May 18 17:18:57 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F9C316A793 for ; Thu, 18 May 2006 17:18:57 +0000 (UTC) (envelope-from scott@fishballoon.org) Received: from queue02-winn.ispmail.ntl.com (queue02-winn.ispmail.ntl.com [81.103.221.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE2FD43D95 for ; Thu, 18 May 2006 17:18:36 +0000 (GMT) (envelope-from scott@fishballoon.org) Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35]) by mtaout01-winn.ispmail.ntl.com with ESMTP id <20060518161912.TKHE29343.mtaout01-winn.ispmail.ntl.com@aamtaout04-winn.ispmail.ntl.com>; Thu, 18 May 2006 17:19:12 +0100 Received: from llama.fishballoon.org ([81.101.128.185]) by aamtaout04-winn.ispmail.ntl.com with ESMTP id <20060518161912.EVTK16086.aamtaout04-winn.ispmail.ntl.com@llama.fishballoon.org>; Thu, 18 May 2006 17:19:12 +0100 Received: from scott by llama.fishballoon.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1FglDS-000CDo-Hm; Thu, 18 May 2006 17:19:10 +0100 Date: Thu, 18 May 2006 17:19:10 +0100 From: Scott Mitchell To: "Michael P. Soulier" Message-ID: <20060518161909.GA41738@llama.fishballoon.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-Operating-System: FreeBSD 5.4-SECURITY i386 Sender: Scott Mitchell Cc: freebsd-questions@freebsd.org Subject: Re: kernel module for ipf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2006 17:18:59 -0000 On Thu, May 18, 2006 at 12:05:00PM -0400, Michael P. Soulier wrote: > Hello, > > The handbook mentions that ipf should work out of the box in FreeBSD > thanks to a kernel module, but it doesn't say which one. > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html > > "IPF is included in the basic FreeBSD install as a separate run time > loadable module. The system will dynamically load the IPF kernel > loadable module when the rc.conf statement ipfilter_enable="YES" is > used. The loadable module was created with logging enabled and the > default pass all options. You do not need to compile IPF into the > FreeBSD kernel just to change the default to block all, you can do > that by just coding a block all rule at the end of your rule set." > > I don't see anything under /boot/kernel that looks like a likely > candidate. There's an ipfw.ko, but no ipf or ipfilter. I'd prefer to > not reboot my system just to find out, so could someone point me to > the correct module? I'm running FreeBSD 5.4 with the GENERIC kernel. Hi Mike, You want the ipl.ko module. No, I have no idea why it's called ipl not ipf either... Cheers, Scott -- =========================================================================== Scott Mitchell | PGP Key ID | "Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines" scott at fishballoon.org | 0xAA775B8B | -- Anon