Hello there,

I recently ran into a slight issue with ipfilter running on 5.1-RELEASE. My machine serves the simple purpose of a NAT gateway, so ipfilter is always going to be necessary on it. Due to this fact, I decided to include options IPFILTER in the kernel config, instead of dynamically loading the ipl.ko module. However, when ipfilter is used in the kernel image, it's automatically initialized (and thus does not need the -E flag). This has been noted in rc.conf for some time, and I of course removed the -E from the ipfilter_flags variable in that file.

However, after booting my kernel with the IPFILTER options, I noticed warnings in my kernel logs that "ipfilter has already been initialized", which is consistent with using flag -E when ipf is already initialized. After some brief analysis, I discovered that /etc/rc.d/ipfilter actually uses -E in the shell script function, ipfilter_start(). After removing the two instances of the -E and rebooting, the warning messages disappeared at boot time.

Is this a known glitch in the hopes that people start solely using the ipl kernel module? It's really not a big deal either way, but I was more just curious than anything in which direction it's going.

Thanks in advance!

-- 
Mike Bohan <bogin_at_shortcircut.org>
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:12 UTC