pfil sysctl problem

[i3luefire]

Okay. Sorry for being a total newb. but i am running trueOS
2015.09.07 11:28:00 admin@trueOSrouter:~ % uname -a
FreeBSD trueOSrouter 10.2-RELEASE-p4 FreeBSD 10.2-RELEASE-p4 #0: Tue Aug 18 15:15:36 UTC 2015     ro...@amd64-builder.pcbsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

i was originally going to roll my own router but then i noticed that iocage was in the new trueOS and decided to play with that so i could potentiall run snort and dhcp in jails
i was looking at the man pages for iocage and followed the last few lines

if using VNET consider adding the following to /etc/sysctl.conf on the host:

net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
net.link.bridge.pfil_member=0  # Packet filter on the member interface

but i get this error when i run

sysctl -f /etc/sysctl.conf.
net.inet.ip.forwarding: 1 -> 1
sysctl: unknown oid 'net.link.bridge.pfil_onlyip' at line 2: No such file or directory
sysctl: unknown oid 'net.link.bridge.pfil_bridge' at line 3: No such file or directory
sysctl: unknown oid 'net.link.bridge.pfil_member' at line 4: No such file or directory

any ideas?

here is this if it helps

2015.09.07 11:02:37 admin@trueOSrouter:~ % sysctl -a | grep net.link
net.link.generic.system.ifcount: 6
net.link.ether.inet.max_log_per_second: 1
net.link.ether.inet.allow_multicast: 0
net.link.ether.inet.log_arp_permanent_modify: 1
net.link.ether.inet.log_arp_movements: 1
net.link.ether.inet.log_arp_wrong_iface: 1
net.link.ether.inet.maxhold: 1
net.link.ether.inet.wait: 20
net.link.ether.inet.proxyall: 0
net.link.ether.inet.useloopback: 1
net.link.ether.inet.maxtries: 5
net.link.ether.inet.max_age: 1200
net.link.ether.ipfw: 0
net.link.vlan.soft_pad: 0
net.link.gif.parallel_tunnels: 0
net.link.gif.max_nesting: 1
net.link.tun.devfs_cloning: 1
net.link.log_link_state_change: 1
net.link.ifqmaxlen: 50
2015.09.07 11:02:46 admin@trueOSrouter:~ % kl
kldconfig kldload   kldstat   kldunload kldxref   klist
2015.09.07 11:02:46 admin@trueOSrouter:~ % kld
kldconfig kldload   kldstat   kldunload kldxref
2015.09.07 11:02:46 admin@trueOSrouter:~ % kldstat
Id Refs Address            Size     Name
 1   48 0xffffffff80200000 14f9000  kernel
 2    1 0xffffffff819a0000 22b13    geom_mirror.ko
 3    3 0xffffffff819c3000 32545    crypto.ko
 4    1 0xffffffff819f6000 4f29     aesni.ko
 5    1 0xffffffff819fb000 1f920    geom_eli.ko
 6    1 0xffffffff81a1b000 2dfa92   zfs.ko
 7    2 0xffffffff81cfb000 53ae     opensolaris.ko
 8    2 0xffffffff81e11000 42a0     libiconv.ko
 9    1 0xffffffff81e16000 1565     libmchain.ko
10    1 0xffffffff81e18000 7dc      msdosfs_iconv.ko
11    1 0xffffffff81e19000 672d     sem.ko
12    1 0xffffffff81e20000 56fa     fdescfs.ko
13    1 0xffffffff81e26000 5561     linsysfs.ko
14    1 0xffffffff81e2c000 43834    linux.ko
15    1 0xffffffff81e70000 ddc3     fuse.ko
16    1 0xffffffff81e7e000 112b3    ipfw.ko
17    1 0xffffffff81e90000 c7df     iscsi.ko

[Peter Toth]

You need to have at least one bridge interface created for those sysctls.

Add this line tot into rc.conf or just create the bridge first with ifconfig bridge create

cloned_interfaces="bridge0 bridge1"

--
You received this message because you are subscribed to the Google Groups "iocage" group.
To unsubscribe from this group and stop receiving emails from it, send an email to iocage+un...@googlegroups.com.
To post to this group, send email to ioc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/iocage/7d72b391-e0ea-46cd-9308-13a024b2ab05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[i3luefire]

Yep. That was it.
Thanks!