I'm using ipfw since always. Maybe I should take a look at pf. I first compiled the kernel without the pf devices. I than activated the pf devices in case they would be some dependency fulfilled. Thanks, SR Justin C. Sherrill a 嶰rit : > On Sat, November 20, 2010 2:42 pm, Stephane Russell wrote: >> Hi, >> >> Im upgrading DFBSD from 2.4 to 2.8. I compiled with success the GENERIC >> kernel. But when I take this configuration and add the firewall and >> IPDIVERT changes, I'm getting this: > > Are you using both ipfw and pf? Most of those options are for ipfw (I > think). I had trouble with ipfw not working when I upgraded to 2.6 (I > haven't moved that box to 2.8 yet), though I think it wasn't during > compilation but when running it later. > > This is not a direct solution to your problem, but my fix was to comment > out all the IPFIREWALL and IPDIVERT stuff and put this in /etc/rc.conf: > > gateway_enable="YES" > pf_enable="YES" > pflog_enable="YES" > > And this in /etc/pf.conf > > extif="em0" > intif="nfe0" > nat on $extif from 192.168.0.0/24 to any -> ($extif) > > I'm just using this box for NAT. If you're doing the same, this should > work for you as a replacement strategy. > >