IPFW does not compile with Kernel

[adripillo]

Hello, I am trying to compile IPFW into FreeBSD Kernel:

# grep IPFIREWALL /usr/src/sys/ia64/conf
Building and Installing a Custom Kernel with IPFW

Copy default kernel file:

# cd /usr/src/sys/ia64/conf
# cp GENERIC IPFWKERNEL

Add IPFW support:

# vi IPFWKERNEL
Append following directives:
options IPFIREWALL # required for IPFW
options IPFIREWALL_VERBOSE # optional; logging
options IPFIREWALL_VERBOSE_LIMIT=10 # optional; don't get too many log entries
options IPDIVERT # needed for natd

Save and close the file. Building a Kernel, type following commands bur I get this error.

# cd /usr/src
# make buildkernel KERNCONF=IPFWKERNEL
ERROR: Missing kernel configuration file(s) (IPFWKERNEL).
*** [buildkernel] Error code 1

Stop in /usr/src.
*** [buildkernel] Error code 1

Stop in /usr/src.

What I am doing wrong?

 

[ShelLuser]

It seems you're trying to build a kernel for a different architecture than the one you're currently using. Try using uname -m. My bet is that it doesn't match ia64.

For example: uname -m returns amd64 on my server. So if I go to /usr/src/sys/i386/conf and perform the copy / edit part then I get the same results.

And on that subject; I'd like to suggest a different approach for the things you're trying to do.

You see; what you're doing works perfectly. Copy the configuration and add to it. But you may run into problems whenever you upgrade to a new FreeBSD (and/or kernel) version. Because even in GENERIC things change. For example; when looking at the GENERIC kernel in FreeBSD version 9.1 and that in 9.2 you'll notice that 9.2 includes the so called VirtIO drivers, these are new.

Now; of course you could simply do the whole routine again; copy GENERIC, add your stuff and be done with it. But I'd like to suggest an alternative. Create a new file called IPFWKERNEL and then use this:

include GENERIC
ident   IPFWKERNEL

options IPFIREWALL # required for IPFW
options IPFIREWALL_VERBOSE # optional; logging
options IPFIREWALL_VERBOSE_LIMIT=10 # optional; don't get too many log entries
options IPDIVERT # needed for natd

What this does is include all the options in the GENERIC file so that your new kernel configuration will always match that of the GENERIC kernel, despite the FreeBSD version you use it on.

Next it sets a specific identification for your kernel and finally adds the options you wanted to include.

The advantage here is that you never need to remember that you have to copy GENERIC and add your options. Instead you can simply copy or link this file into your new kernel source configuration and start using it.

Hope this can help.

 

[adripillo]

It seems you're trying to build a kernel for a different architecture than the one you're currently using. Try using uname -m. My bet is that it doesn't match ia64.

For example: uname -m returns amd64 on my server. So if I go to /usr/src/sys/i386/conf and perform the copy / edit part then I get the same results.

And on that subject; I'd like to suggest a different approach for the things you're trying to do.

You see; what you're doing works perfectly. Copy the configuration and add to it. But you may run into problems whenever you upgrade to a new FreeBSD (and/or kernel) version. Because even in GENERIC things change. For example; when looking at the GENERIC kernel in FreeBSD version 9.1 and that in 9.2 you'll notice that 9.2 includes the so called VirtIO drivers, these are new.

Now; of course you could simply do the whole routine again; copy GENERIC, add your stuff and be done with it. But I'd like to suggest an alternative. Create a new file called IPFWKERNEL and then use this:

include GENERIC
ident   IPFWKERNEL

options IPFIREWALL # required for IPFW
options IPFIREWALL_VERBOSE # optional; logging
options IPFIREWALL_VERBOSE_LIMIT=10 # optional; don't get too many log entries
options IPDIVERT # needed for natd

What this does is include all the options in the GENERIC file so that your new kernel configuration will always match that of the GENERIC kernel, despite the FreeBSD version you use it on.

Next it sets a specific identification for your kernel and finally adds the options you wanted to include.

The advantage here is that you never need to remember that you have to copy GENERIC and add your options. Instead you can simply copy or link this file into your new kernel source configuration and start using it.

Hope this can help.

Thanks, I will do that.