Re: No ipf in RPI2 evbarm 7.0.2 kernel?

[Emilian Bold <emilian.bold%gmail.com@localhost>]

I haven't touched that. It's

$ sysctl -a | grep securelevel
kern.securelevel = 1
security.models.bsd44.securelevel = 1
security.models.securelevel.name = Traditional NetBSD: Securelevel
security.models.securelevel.securelevel = 1

So this explains not being able to load modules. Does it impact ipf too?


--emi


On Thu, Jul 5, 2018 at 5:47 AM, Christos Zoulas <christos%astron.com@localhost> wrote:
> In article <CAL6R17B2fs=Cp7mBz6A44EH49vQve4VZnEykVwxYZeGFb1TAGQ%mail.gmail.com@localhost>,
> Emilian Bold  <emilian.bold%gmail.com@localhost> wrote:
>>Hello,
>>
>>I can't get ipf to work. I never used ipf before so perhaps I'm doing
>>something wrong.
>>
>>In rc.conf
>>
>>ipfilter=YES
>>ipmon=YES
>>
>>but it doesn't seem to start properly:
>>
>># ipfstat
>>open(IPSTATE_NAME): Device not configured
>># ipmon
>>/dev/ipl: open: Device not configured
>>
>>Manually I also get an error:
>>
>># service ipfilter start
>>Enabling ipfilter.
>>0:open device: Device not configured
>>0:SIOCFRENB: Bad file descriptor
>>open device: Device not configured
>>User/kernel version check failed
>>open device: Device not configured
>>User/kernel version check failed
>>0:1:ioctl(add/insert rule)
>>
>># uname -a
>>NetBSD netbsd 7.0.2 NetBSD 7.0.2 (RPI2) #0: Mon Dec 19 22:31:19 UTC
>>2016  root@netbsd:/usr/obj/sys/arch/evbarm/compile/RPI2 evbarm
>>
>>I've also looked if there is perhaps some module for this and I see
>>that modload is restricted:
>>
>># modload a
>>modload: Operation not permitted
>>
>>Would appreciate any hints on how to get ipf running.
>
> What's the securelevel?
> $ sysctl -a | grep securelevel
>
> christos
>