*BSD News Article 98268


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!news.eli.net!uunet!in2.uu.net!128.230.129.106!news.maxwell.syr.edu!feed1.news.erols.com!news.nl.innet.net!INnl.net!feed1.news.innet.be!INbe.net!stns.news.pipex.net!warm.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IPFIREWALL and ipfw_mod.o confusion
Date: 23 Jun 1997 13:23:56 GMT
Organization: Awfulhak Ltd.
Lines: 32
Message-ID: <5oltdc$c8n@ui-gate.utell.co.uk>
References: <5oi0te$sb9$1@soggy.eis.net.au>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.utell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43354

In article <5oi0te$sb9$1@soggy.eis.net.au>,
	Ernie Elu <ernie@tinny.eis.net.au> writes:
> I am trying to get and ipfirewall running on 2.2.2-STABLE.
> 
> When I compile a kernel with the option IPFIREWALL, the firewall seems
> to be blocking all traffic after reboot. If I try to add the rule
> 
> ipfw add allow all from any to any I get an error until such time that I
> load the ipfw_mod.o module.
> 
> I am confused, is loading of the lpfw module always required before
> the firewall will work, or should it work with just the kernel option
> compiled in? What is the relationship between the two?

Not on my bench.  I have the following in my config:

options		IPFIREWALL
options		IPFIREWALL_VERBOSE

If you *don't* have this, you have to load the module, so I suspect
you havn't built/installed your new kernel properly....

> - Ernie.
> _____________________________________________________________________
>          Ernie Elu - ernie@eis.net.au -  Brisbane - Australia
>                       "I ping, therefore I am." 
> _____________________________________________________________________

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !