() ()

To build a kernel for use with the loadable kernel module, follow these steps: 1. In /sys/i386/conf, create a new kernel config file (to be used with IPFILTER), i.e. FIREWALL and run config, i.e. "config FIREWALL"

2. build the object files, telling it the name of the kernel to be used. "freebsd22" MUST be the target, so the command would be something like this: "make freebsd22 IPFILKERN=FIREWALL"

3. do "make install-bsd" (probably has to be done as root)

4. run "FreeBSD-2.2/minstall" as root

5. build a new kernel

6. install and reboot with the new kernel

7. use modload(8) to load the packet filter with: modload if_ipl.o

8. do "modstat" to confirm that it has been loaded successfully.

There is no need to use mknod to create the device in /dev; - upon loading the module, it will create itself with the correct values, under the name (IPL_NAME) from the Makefile. It will also remove itself from /dev when it is modunload'd.

To build a kernel with the IP filter, follow these steps:

*** KERNEL INSTALL CURRENTLY UNSUPPORTED *** 1. do "make freebsd22"

2. do "make install-bsd" (probably has to be done as root)

3. run "FreeBSD-2.2/kinstall" as root

4. build a new kernel

5a) For FreeBSD 2.2 (or later) create devices for IP Filter as follows: mknod /dev/ipl c 79 0 mknod /dev/ipnat c 79 1 mknod /dev/ipstate c 79 2 mknod /dev/ipauth c 79 3

5b) For versions prior to FreeBSD 2.2: create devices for IP Filter as follows (assuming it was installed into the device table as char dev 20): mknod /dev/ipl c 20 0 mknod /dev/ipnat c 20 1 mknod /dev/ipstate c 20 2 mknod /dev/ipauth c 20 3

6. install and reboot with the new kernel

Darren Reed darrenr@pobox.com

November 26, 2024