Darren Reed wrote:
> And, I suspect, Jonathan's isn't the only one...especailly given the man page
> wasn't updated for "ipf -E" (pedantic, but important point).
> 
> > I thought Darren was saying that loading an ipfilter LKM should _also_
> > pass all packets through the rule-filter, unless otherwise specified.
> > Darren, could you clarify that?
> 
> Loading a kernel module implies you want something to be working in your
> kernel.  It should (IMHO) load in and start working from then on - the
> same as when compiled into the kernel.

The above had me stuck for ages. You may have seen some posts to
current-users and help-netbsd. I was under the strong impression that
with the filter lkm not loaded filtering was off, and after a modload
it was on. This seemed totally logical. To switch it on a second time
seemed counter-intuitive.

Patrick