On Mon, 8 Nov 2004 12:01:41 -0500, "dave" <[EMAIL PROTECTED]> writes:

> Hello,
>     I believe I am having a configuration error. I've got a new 5.3 box to
> which I'm attempting to get ipfilter going. I read the updated handbook and
> have added:
> 
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Dsvn"
> 
> to my rc.conf file. When I try to manually load up my rules file with:
> ipf -FA -f /etc/ipf.rules
> I am getting an error "can not open no such device"
> I have not compiled anything for ipfilter into the kernel as I had done
> previously; I understood from the handbook that ipf was capable of being
> dynamically loaded and the rc.conf line would suffice.

I recently updated a system from 5.2.1 to 5.3 and had problems with
ipfilter (dynamically loading it, as you are above).  In my case, I
noticed this during boot, when ipfilter was being activated:

     link_elf: symbol in6_cksum undefined

The net effect was that the kernel module would not load, due to the
unresolved symbol.

In my case, I was using a custom kernel that lacked "options INET6". 
Re-building my kernel with that option added (i.e., with IPv6 support
enabled) fixed the problem and the ipfilter kernel module now works.

I'm guessing there's some kind of hidden dependency on IPv6 in 5.3 as
far as the ipfilter kernel module is concerned.  (This didn't seem to be
the case in 5.2.1, from what I remember.)

Cheers,

Paul.
-- 
e-mail: [EMAIL PROTECTED]

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
