Current kernel configuration

Is there a file somewhere on my system with my current kernel configuration?

All I want to do is add

Code:
 options IPFIREWALL_VERBOSE
 options IPFIREWALL_VERBOSE_LIMIT=10
to my current system.
 
$ echo "/usr/src/sys/`uname -m`/conf/`uname -i`" (by default /usr/src/sys/your_FreeBSD_arch_here/conf/GENERIC) [Available if you have FreeBSD sources]
I suggest you copy it over and then modify it, or include it in your new kernel config, set the name in the new file, and add the options you like.

For example: here's my kernel config:
http://aldis.git.bsdroot.lv/desktop/tree/ANTIGENERIC
 
There is a GENERIC file under /usr/src/sys/${arch}/conf/, where <arch> is i386 or amd64, depending on your CPU type.
You can also see /usr/src/sys/conf/NOTES for adding options to kernel.
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL
 
I actually found that file earlier but I didn't think it corresponded to my current kernel. I thought that
Code:
 option IPFIREWALL
had to be included for ipfw to work and it's not in there. Yet ipfw works...
 
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
# logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
# IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
# depends on IPFIREWALL if compiled into the kernel.
# IPFIREWALL_FORWARD enables changing of the packet destination either
# IPFIREWALL_NAT adds support for in kernel nat in ipfw, and it requires
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_FORWARD      #packet destination changes
options         IPFIREWALL_NAT          #ipfw kernel nat support
# DUMMYNET enables the "dummynet" bandwidth limiter.  You need IPFIREWALL

Does that mean that IPFIREWALL_VERBOSE is already activated in my current kernel then?
 
SIFE said:
There is a GENERIC file under /usr/src/sys/${arch}/conf/, where <arch> is i386 or amd64, depending on your CPU type.
You can also see /usr/src/sys/conf/NOTES for adding options to kernel.
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL

Don't forget about /usr/src/sys/<arch>/conf/NOTES. Both files are needed to see all the available options/devices.
 
If you just want a GENERIC kernel with some tweaks, I would create a config file with something like:
Code:
include GENERIC

ident MYKERNEL-GENERIC
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10

That should work for you.
 
For these options, a recompile of the kernel is not mandatory.

Code:
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_NAT          #ipfw kernel nat support

is equal to this in /boot/loader.conf:
Code:
ipfw_load="YES"
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=10
net.inet.ip.fw.default_to_accept=1

libalias_load="YES"
 
Dre said:
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL

UUOC...
% grep IPFIREWALL /usr/src/sys/conf/NOTES

...

Does that mean that IPFIREWALL_VERBOSE is already activated in my current kernel then?

No, NOTES is a file of notes, examples of what can be in a kernel config file. killasmurf86 showed how to locate the kernel file in use in post #2.
 
wblock said:
UUOC...
% grep IPFIREWALL /usr/src/sys/conf/NOTES

...



No, NOTES is a file of notes, examples of what can be in a kernel config file. killasmurf86 showed how to locate the kernel file in use in post #2.


What is it that I don't understand then?
Code:
grep IPFIREWALL /usr/src/sys/i386/conf/GENERIC
returns nothing...
How come ipfw works for me? (haven't been able to get logging to work though)
 
Dre said:
What is it that I don't understand then?
Code:
grep IPFIREWALL /usr/src/sys/i386/conf/GENERIC
returns nothing...
How come ipfw works for me? (haven't been able to get logging to work though)

% kldstat

Does that show ipfw.ko? Then that module is not part of the kernel, but was loaded somehow. Maybe included in /boot/loader.conf, maybe /etc/rc.d/ipfw auto-loads it.
 
wblock said:
% kldstat

Does that show ipfw.ko? Then that module is not part of the kernel, but was loaded somehow. Maybe included in /boot/loader.conf, maybe /etc/rc.d/ipfw auto-loads it.

ipfw appears to be loaded from somewhere else then.

Code:
kldstat
Id Refs Address    Size     Name
 1   19 0xc0400000 bb5504   kernel
 2    1 0xc0fb6000 13fe8    ipfw.ko

I've added
Code:
ipfw_load="YES"
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=100
net.inet.ip.fw.default_to_accept=1

libalias_load="YES"
to /boot/loader.conf

ipfw worked before I added those lines though.

I don't have a /etc/rc.d/ipfw file.



Any way of finding out if the logging functionality of ipfw is activated too? Can it be activated from outside the kernel in a similar way that the ipfw apparently is activated?
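
Added example, not part of any post in this thread: a POSIX sh sketch of the checks discussed above. It tells a loaded `ipfw.ko` module apart from a compiled-in firewall, and tests whether a kernel config sets an option, following `include` lines as in the `include GENERIC` config shown earlier. The function names and the rule that includes are looked up next to the including file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# ipfw_origin: reads `kldstat` output on stdin. Prints "module" when ipfw.ko
# is a loaded file, else "builtin-or-absent" (compiled in, or not present).
ipfw_origin() {
    if awk 'NR > 1 && $5 == "ipfw.ko" { hit = 1 } END { exit !hit }'; then
        echo module
    else
        echo builtin-or-absent
    fi
}

# flatten_config FILE: print "keyword argument" pairs from a kernel config,
# following `include` lines. Assumption: includes are looked up in the
# directory of the including file.
flatten_config() {
    sed 's/#.*//' "$1" | while read -r kw arg rest; do
        if [ "$kw" = include ]; then
            flatten_config "$(dirname "$1")/$arg"
        elif [ -n "$kw" ]; then
            echo "$kw $arg"
        fi
    done
}

# config_has_option FILE OPTION: succeeds when OPTION is set after all
# includes are applied; a later `nooptions` line turns it off again.
config_has_option() {
    flatten_config "$1" | awk -v opt="$2" '
        { sub(/=.*/, "", $2) }
        $1 == "options"   && $2 == opt { on = 1 }
        $1 == "nooptions" && $2 == opt { on = 0 }
        END { exit !on }'
}

# On a live FreeBSD host: where ipfw comes from and whether logging is on.
# `sysctl net.inet.ip.fw.verbose=1` switches syslog logging on at runtime;
# only rules carrying the `log` keyword produce entries.
if [ "$(uname -s)" = FreeBSD ]; then
    echo "ipfw origin: $(kldstat | ipfw_origin)"
    sysctl net.inet.ip.fw.verbose net.inet.ip.fw.verbose_limit
    conf="/usr/src/sys/$(uname -m)/conf/$(uname -i)"
    if [ -r "$conf" ] && config_has_option "$conf" IPFIREWALL_VERBOSE; then
        echo "IPFIREWALL_VERBOSE is set in $conf"
    fi
fi
```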
 