Running 4.3-Beta, cvsupped early on 3/13/01.
These lines are either confusing or wrong. Possibly something has changed
in the default state (now enabled?) of the ipfilter module.
ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module
# (i.e. compiled into the kernel) to
# avoid a warning about "already initialized"
I load ipf as a module by adding a line to /boot/loader.conf:
ipl_load="YES"
Running a GENERIC kernel.
I have a valid rules file at /etc/ipf.rules
I add the following line to /etc/rc.conf:
ipfilter_enable="YES"
and when I boot I get...
from dmesg:
IP Filter: v3.4.16 initialized. Default = pass all, Logging = enabled
from /var/log/console.log:
Mar 13 19:32:59 port /kernel: Doing initial network setup:
Mar 13 19:32:59 port /kernel: hostname
Mar 13 19:32:59 port /kernel: ipfilter
Mar 13 19:32:59 port /kernel: SIOCFRENB: Invalid argument
Mar 13 19:32:59 port /kernel: .
Mar 13 19:32:59 port /kernel: fxp0: flags=8843<UP,BROADCAST,RUNNING...
If I add this line to /etc/rc.conf:
ipfilter_flags=""
The "SIOCFRENB: Invalid argument" message goes away, and ipf IS working.
So if the comment is correct that -E is not needed for compiled into the
kernel ipf, and I am correct that -E is not needed for module loaded ipf,
I'd like to see the default change to "" and have the comment changed...
+ipfilter_flags="" # Flags to ipfilter (if enabled).
-ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module
- # (i.e. compiled into the kernel) to
- # avoid a warning about "already initialized"
If someone can verify my findings I could submit a PR.
Thanks,
- Tim
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
