Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 Jun 2013 00:54:44 +0200
From:      Polytropon <>
To:        Norman Khine <>
Subject:   Re: custom kernel installation
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sat, 8 Jun 2013 00:37:02 +0200, Norman Khine wrote:
> hello,
> i have a dedicated server from OVH and have updated freebsd to 9.1 and want
> to enable IPFW in the kernel as this is not enabled.

Why not use the module for this? For many years now, you
do not need a custom kernel if you want to use IPFW (which
_had_ to be compiled into the kernel in the past). Use

	# kldload ipfw.ko

and maybe

	# kldload ipfw_nat.ko

if it's just about having IPFW. Of course, if explicitely
having it _in_ the kernel is your objective, unread this
comment. :-)

> the way i updated the system was to copy /boot/kernel.old to /boot/GENERIC
> then followed ch25
> went well and the system is up to date.

So you did freebsd-update to update to 9.1-RELEASE.

> so i got the 9.1 sources and now in /usr/src/sys/amd64/conf i have a
> GENERIC file, but this is too generic, besides i don't have access to the
> physical box.

This file is what the GENERIC kernel (distributed with the OS)
has been generated from. Use it as a template for your own
custom kernel.

> what will be the correct way to include the IPFW to existing /boot/kernel
> is there a way to generate the GENERIC file from the existing loaded kernel?

No, you can simply copy it and then make changes. For example:

	# cd /usr/src/sys/amd64/conf
		(or use any other descriptive name)
		(make changes as desired, then :wq)
	# cd /usr/src
	# make buildkernel KERNCONF=MYKERNEL
	# make installkernel KERNCONF=MYKERNEL
	# reboot

Keep in mind that kernel and world have to be in sync version-wise!

Regarding IPFW, you will probably add lines like the following:

	options         DUMMYNET
	options         IPFIREWALL
	options         IPFIREWALL_VERBOSE
	options         IPFIREWALL_VERBOSE_LIMIT=500
	options         IPFILTER
	options		IPDIVERT

Of course you can also remove lines for hardware you don't have
in your box, like trimming the support for NICs or SCSI controllers
and the like. :-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <>