| |
| To build a kernel for use with the loadable kernel module, follow these |
| steps: |
| 1. In /sys/i386/conf, create a new kernel config file (to be used |
| with IPFILTER), i.e. FIREWALL and run config, i.e. "config FIREWALL" |
| |
| 2. build the object files, telling it the name of the kernel to be |
| used. "freebsd22" MUST be the target, so the command would be |
| something like this: "make freebsd22 IPFILKERN=FIREWALL" |
| |
| 3. do "make install-bsd" |
| (probably has to be done as root) |
| |
| 4. run "FreeBSD-2.2/minstall" as root |
| |
| 5. build a new kernel |
| |
| 6. install and reboot with the new kernel |
| |
| 7. use modload(8) to load the packet filter with: |
| modload if_ipl.o |
| |
| 8. do "modstat" to confirm that it has been loaded successfully. |
| |
| There is no need to use mknod to create the device in /dev; |
| - upon loading the module, it will create itself with the correct values, |
| under the name (IPL_NAME) from the Makefile. It will also remove itself |
| from /dev when it is modunload'd. |
| |
| To build a kernel with the IP filter, follow these steps: |
| |
| *** KERNEL INSTALL CURRENTLY UNSUPPORTED *** |
| 1. do "make freebsd22" |
| |
| 2. do "make install-bsd" |
| (probably has to be done as root) |
| |
| 3. run "FreeBSD-2.2/kinstall" as root |
| |
| 4. build a new kernel |
| |
| 5a) For FreeBSD 2.2 (or later) |
| create devices for IP Filter as follows: |
| mknod /dev/ipl c 79 0 |
| mknod /dev/ipnat c 79 1 |
| mknod /dev/ipstate c 79 2 |
| mknod /dev/ipauth c 79 3 |
| |
| 5b) For versions prior to FreeBSD 2.2: |
| create devices for IP Filter as follows (assuming it was |
| installed into the device table as char dev 20): |
| mknod /dev/ipl c 20 0 |
| mknod /dev/ipnat c 20 1 |
| mknod /dev/ipstate c 20 2 |
| mknod /dev/ipauth c 20 3 |
| |
| 6. install and reboot with the new kernel |
| |
| Darren Reed |
| darrenr@pobox.com |