IPFW && PFIL_HOOKS

[Ceri Davies]

Attached is a diff to the handbook that updates the details of how to
get IPFW working, and which I don't really like much.  Help me batter it
into shape please.

Cheers,

Ceri
-- 
It is not tinfoil, it is my new skin.  I am a robot.
-------------- next part --------------
Index: security/chapter.sgml
===================================================================
RCS file: /home/dcvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v
retrieving revision 1.212
diff -u -r1.212 chapter.sgml
--- security/chapter.sgml	18 Aug 2004 09:18:54 -0000	1.212
+++ security/chapter.sgml	19 Aug 2004 17:48:19 -0000
@@ -2890,7 +2890,7 @@
 	  any</literal> and avoid the possibility of a lockout.</para>
       </warning>
 
-      <para>There are currently four kernel configuration options relevant to
+      <para>There are currently five kernel configuration options relevant to
 	IPFW:</para>
 	  
       <variablelist>
@@ -2947,6 +2947,17 @@
 	      &man.ipfw.8; as a filter for specific problems as they arise.
 	      Use with care though, as this opens up the firewall and changes
 	      the way it works.</para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term><literal>options PFIL_HOOKS</literal></term>
+
+	  <listitem>
+	    <para>Versions of &os; from 5.3-RELEASE and upwards require
+	      this option to add callout hooks for packet filters; on
+	      these versions of &os;, IPFW will not work without this
+	      option.</para>
 	  </listitem>
 	</varlistentry>
       </variablelist>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-doc/attachments/20040819/6e00f16b/attachment.sig>