Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Feb 2010 12:26:00 -0500
From:      Robert Huff <roberthuff@rcn.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        questions@freebsd.org, Robert Huff <roberthuff@rcn.com>, Steve Bertrand <steve@ibctech.ca>
Subject:   Re: documentation about enabling IPFW
Message-ID:  <19313.39592.586676.508318@jerusalem.litteratus.org>
In-Reply-To: <4B71984F.1050609@infracaninophile.co.uk>
References:  <19313.36357.907425.293700@jerusalem.litteratus.org> <4B718F2A.8060801@ibctech.ca> <4B71984F.1050609@infracaninophile.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help

Matthew Seaman writes:

>  >> 	Can someone affirmatively verify that this part (30.6.1) of the
>  >> Handbook is correct?  Particularly the last sentence.
>  >> 	Quote:
>  >>
>  >> 		IPFW is included in the basic FreeBSD install as a
>  >> 		separate run time loadable module. The system will
>  >> 		dynamically load the kernel module when the rc.conf
>  >> 		statement firewall_enable="YES" is used. There is no need
>  >> 		to compile IPFW into the FreeBSD kernel unless NAT
>  >> 		functionality is desired.
>  > 
>  > Yes, it is correct.
>  > 
>  > You can also load during runtime:
>  > 
>  > # kldload ipfw.ko
>  
>  That' not really the issue with what the quoted paragraph says.
>  Enabling ipfw functionality by loading a kernel module is not under
>  contention.  The question is about ipfw+NAT.  That paragraph says you
>  have to compile ipfw into the kernel to use ipfw+NAT, however on a
>  RELENG_8 system (at least) there's a loadable ipfw_nat.ko module.
>  Which very much implies you *don't* need to compile ipfw into the
>  kernel for ipfw+NAT nowadays.

	Exactly!


					Robert Huff




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19313.39592.586676.508318>