> I guess IPFILTER_LOOKUP is supposed to work because we have the ippool(8)
> command.  Is this known to work, though?

Absolutely. This does work from 3.0.1 on.

I would urge that pr 38284 be applied and
if you want to use large pools, pr 38286.

For 4.0 onwards, the aforementioned pr's are suggested plus 38287
will be required to get it to compile.


> What about the undocumented options IPFILTER_CKSUM, IPFILTER_SYNC, and
> IPFILTER_SCAN?  Are they supposed to work?  What exactly do they do?

I suspect you would need to ask Darren Reed.

> Shouldn't all 4 of them be defflag'ed?

Sorry, what is (flagged,) deflagg'ed and defopt'ed mean?
I guess if I have to ask, I probabaly wouldn't understand...8-)

> Apropos, what about defflag'ing IPFILTER_DEFAULT_BLOCK on the 3.x
> branch, too?
>
> And shouldn't IPFILTER_LOGSIZE be defopt'ed?

Thanks,
gene