On Thu, Jan 15, 2004 at 05:04:59PM -0500, Robert Watson wrote: > > IPFILTER now relies on the PFIL_HOOKS kernel option; this is something > that is somewhat poorly documented, and we should add it to the errate I > suspect. If you add "options PFIL_HOOKS" to your kernel config, it should > work. Moving to PFIL_HOOKS for all the "funky IP input/ouput" feature is > a goal for 5.3 (in fact, I believe Sam has it almost entirely done in one > of his development branches), and should both simplify the input/output > paths, and also simplify locking for the IP stack. So the change is for a > good cause :-). >
That reminds me: is there a way to influence the order in which the various packages are hooked up? E.g. I can imagine a situation where you want IPfilter NATting and ipfw filtering. In such a scenario you want to be able to specify _exactly_ that ipfilter comes before ipfw when packets come in, and vice versa when packets go out. -Guido _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"