me wrote:
It compiles just fine, but can't be loaded or run. If memory serves, pf kernel module loads fine but pfctl fails, and the ipfw kernel module can't be loaded at all. Will need to re-run this experiment to make sure, and will report back.
Updating my statement after checking with release/10.0 kernel, rebuilt with: include GENERIC options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ options ALTQ_NOPCC makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT=" nooptions INET So, the pf does indeed load and run, but states that ALTQ is not available. Tried some simple rules and appears ok, although some rules are not liked, e.g.: set skip on lo0 produces: # pfctl -f /etc/pf.conf No ALTQ support in kernel ALTQ related functions disabled pfctl: socket: Address family not supported by protocol family The ipfw is another story. Seems the module ipfw.ko is not built at all, although there is a ipfw_nat.ko : # ls -c1 /boot/kernel/*ipfw* /boot/kernel/ipfw_nat.ko /boot/kernel/ipfw_nat.ko.symbols /boot/kernel/ng_ipfw.ko /boot/kernel/ng_ipfw.ko.symbols Mark _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
