netbsd-help: Re: [3.0 i386] ipfilter?

Subject: Re: [3.0 i386] ipfilter?
To: None <netbsd-help@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: netbsd-help
Date: 01/17/2006 13:28:06

In article <loom.20060117T135854-928@post.gmane.org>,
Sylvain Briole  <sbriole.mls@free.fr> wrote:
>Hi all!
>
>I am trying to use ipfilter on NetBSD 3.0 i386 (I have already successfully
>installed and tested it on NetBSD 2.0.2 i386).
>
># sysctl -w net.inet.ip.forwarding=1
>net.inet.ip.forwarding: 0 -> 1
>
># cat /etc/ipf.conf
>pass in  quick on lo0 all
>pass out quick on lo0 all
>
># /etc/rc.d/ipfilter stop
>Disabling ipfilter.
>open device: Device not configured
>SIOCFRENB: Bad file descriptor
>
># /etc/rc.d/ipfilter start
>Enabling ipfilter.
>open device: Device not configured
>SIOCFRENB: Bad file descriptor
>open device: Device not configured
>User/kernel version check failed
>open device: Device not configured
>User/kernel version check failed
>2:ioctl(add/insert rule): Bad file descriptor
>1:ioctl(add/insert rule): Bad file descriptor
>
># ipf -V
>ipf: IP Filter: v4.1.8 (396)
>open device: Device not configured
>
>What's that? Do I need to recompile a kernel?
>

Yes, you probably do need to recompile the kernel. Which kernel are
you running with? GENERIC has:

    pseudo-device   ipfilter                # IP filter (firewall) and NAT

christos