$ echo "/usr/src/sys/`uname -m`/conf/`uname -i`"
(by default /usr/src/sys/your_FreeBSD_arch_here/conf/GENERIC) [Available if you have FreeBSD sources]
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program. IPFIREWALL_VERBOSE sends
# logged packets to the system logger. IPFIREWALL_VERBOSE_LIMIT
# WARNING: IPFIREWALL defaults to a policy of "deny ip from any to any"
# IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
# depends on IPFIREWALL if compiled into the kernel.
# IPFIREWALL_FORWARD enables changing of the packet destination either
# IPFIREWALL_NAT adds support for in kernel nat in ipfw, and it requires
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_FORWARD #packet destination changes
options IPFIREWALL_NAT #ipfw kernel nat support
# DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL
SIFE said:
There is a GENERIC file under /usr/src/sys/${arch}/conf/, where <arch> is i386 or amd64, depending on your CPU type.
You can also see /usr/src/sys/conf/NOTES for adding options to the kernel.
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_NAT #ipfw kernel nat support
ipfw_load="YES"
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=10
net.inet.ip.fw.default_to_accept=1
libalias_load="YES"
Dre said:
Code:
cat /usr/src/sys/conf/NOTES | grep IPFIREWALL
% grep IPFIREWALL /usr/src/sys/conf/NOTES
Does that mean that IPFIREWALL_VERBOSE is already activated in my current kernel then?
wblock said:
UUOC...
% grep IPFIREWALL /usr/src/sys/conf/NOTES
...
No, NOTES is a file of notes, examples of what can be in a kernel config file. killasmurf86 showed how to locate the kernel file in use in post #2.
grep IPFIREWALL /usr/src/sys/i386/conf/GENERIC
Dre said:
What is it that I don't understand then?
Code:
grep IPFIREWALL /usr/src/sys/i386/conf/GENERIC
returns nothing...
How come ipfw works for me? (haven't been able to get logging to work though)
% kldstat
wblock said:
% kldstat
Does that show ipfw.ko? Then that module is not part of the kernel, but was loaded somehow. Maybe included in /boot/loader.conf, maybe /etc/rc.d/ipfw auto-loads it.
kldstat
Id Refs Address    Size     Name
 1   19 0xc0400000 bb5504   kernel
 2    1 0xc0fb6000 13fe8    ipfw.ko
ipfw_load="YES"
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=100
net.inet.ip.fw.default_to_accept=1
libalias_load="YES"
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5
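
The distinction the thread arrives at (ipfw compiled into the kernel versus loaded as ipfw.ko, and which default rule loader.conf selects), as an added example that is not part of the thread. The function names and the two sample kernel configs are assumptions constructed for illustration; the kldstat and loader.conf samples mirror the output posted above.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# stdin: kernel config. Succeeds only on an uncommented "options IPFIREWALL"
# line; IPFIREWALL_VERBOSE etc. and "#" comment lines do not count.
ipfw_builtin() {
    grep -Eq '^[[:space:]]*options[[:space:]]+IPFIREWALL([[:space:]]|#|$)'
}

# stdin: kldstat output. Succeeds if ipfw.ko is listed as a loaded module.
ipfw_module() {
    awk '$NF == "ipfw.ko" { found = 1 } END { exit !found }'
}

# $1: kernel config text, $2: kldstat text. Prints builtin, module or absent.
ipfw_origin() {
    if printf '%s\n' "$1" | ipfw_builtin; then echo builtin
    elif printf '%s\n' "$2" | ipfw_module; then echo module
    else echo absent
    fi
}

# stdin: loader.conf. Prints the default rule the tunable selects; without
# the tunable ipfw keeps its "deny ip from any to any" default.
default_policy() {
    awk -F= '/^[[:space:]]*#/ { next }
        $1 == "net.inet.ip.fw.default_to_accept" { gsub(/"/, "", $2); v = $2 }
        END { print (v == "1" ? "accept" : "deny") }'
}

# Sample inputs. The two kernel configs are constructed; the kldstat and
# loader.conf samples mirror what was posted in the thread.
GENERIC_SAMPLE='ident GENERIC
options INET'
CUSTOM_SAMPLE='ident MYKERNEL
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)'
KLDSTAT_SAMPLE='Id Refs Address Size Name
 1 19 0xc0400000 bb5504 kernel
 2 1 0xc0fb6000 13fe8 ipfw.ko'
LOADER_SAMPLE='ipfw_load="YES"
net.inet.ip.fw.default_to_accept=1'

echo "ipfw origin:  $(ipfw_origin "$GENERIC_SAMPLE" "$KLDSTAT_SAMPLE")"
echo "default rule: $(printf '%s\n' "$LOADER_SAMPLE" | default_policy)"
```

On a live FreeBSD system, pipe `kldstat` into `ipfw_module` and redirect the config file printed by the first command in this thread into `ipfw_builtin`.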