diff --git a/sys/net/bridge.c b/sys/net/bridge.c
index 64f6aad6bd85..c61deaff6bd7 100644
--- a/sys/net/bridge.c
+++ b/sys/net/bridge.c
@@ -95,7 +95,7 @@
 #include "opt_ipfw.h" 
 #include "opt_ipdn.h" 
 
-#if defined(IPFIREWALL) && defined(DUMMYNET)
+#if defined(DUMMYNET)
 #include <net/route.h>
 #include <netinet/ip_fw.h>
 #include <netinet/ip_dummynet.h>
@@ -480,7 +480,6 @@ bdg_forward (struct mbuf **m0, struct ifnet *dst)
 	ifp = dst ;
 	once = 1 ; /* and also canfree */
     }
-#ifdef IPFIREWALL
     /*
      * do filtering in a very similar way to what is done
      * in ip_output. Only for IP packets, and only pass/fail/dummynet
@@ -582,7 +581,6 @@ bdg_forward (struct mbuf **m0, struct ifnet *dst)
 	return 0 ;
     }
 forward:
-#endif /* COMPAT_IPFW */
     if (canfree && once)
 	m = *m0 ;
     else
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 1188bdea11d6..1542e247165b 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)in.h	8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.37 1998/08/23 03:07:14 wollman Exp $
+ * $Id: in.h,v 1.38 1998/12/14 18:09:13 luigi Exp $
  */
 
 #ifndef _NETINET_IN_H_
@@ -321,7 +321,6 @@ struct ip_opts {
 #define IP_FW_FLUSH   		52   /* flush firewall rule chain */
 #define IP_FW_ZERO    		53   /* clear single/all firewall counter(s) */
 #define IP_FW_GET     		54   /* get entire firewall rule chain */
-#define IP_NAT			55   /* set/get NAT opts */
 
 #define	IP_DUMMYNET_CONFIGURE	60   /* add/configure a dummynet pipe */
 #define	IP_DUMMYNET_DEL		61   /* delete a dummynet pipe from chain */
diff --git a/sys/netinet/ip_dummynet.c b/sys/netinet/ip_dummynet.c
index 21e1c7277ac6..26c92a56b32f 100644
--- a/sys/netinet/ip_dummynet.c
+++ b/sys/netinet/ip_dummynet.c
@@ -10,7 +10,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_dummynet.c,v 1.10 1999/03/26 14:15:59 luigi Exp $
+ *	$Id: ip_dummynet.c,v 1.11 1999/04/17 11:09:08 peter Exp $
  */
 
 /*
@@ -39,6 +39,7 @@
 #include <sys/mbuf.h>
 #include <sys/queue.h>			/* XXX */
 #include <sys/kernel.h>
+#include <sys/module.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/time.h>
@@ -587,7 +588,7 @@ ip_dn_ctl(struct sockopt *sopt)
     return error ;
 }
 
-void
+static void
 ip_dn_init(void)
 {
     printf("DUMMYNET initialized (990326) -- size dn_pkt %d\n",
@@ -596,11 +597,7 @@ ip_dn_init(void)
     ip_dn_ctl_ptr = ip_dn_ctl;
 }
 
-#ifdef DUMMYNET_MODULE
-
-#include <sys/module.h>
-
-static ip_dn_ctl_t *old_dn_ctl_ptr ;
+static ip_dn_ctl_t *old_dn_ctl_ptr;
 
 static int
 dummynet_modevent(module_t mod, int type, void *data)
@@ -619,7 +616,6 @@ dummynet_modevent(module_t mod, int type, void *data)
 		ip_dn_ctl_ptr = old_dn_ctl_ptr;
 		splx(s);
 		dummynet_flush();
-		printf("DUMMYNET unloaded\n");
 		break;
 	default:
 		break;
@@ -632,5 +628,4 @@ static moduledata_t dummynet_mod = {
 	dummynet_modevent,
 	NULL
 };
-DECLARE_MODULE(dummynet, dummynet_mod, SI_SUB_PSEUDO, SI_ORDER_ANY)
-#endif
+DECLARE_MODULE(dummynet, dummynet_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
diff --git a/sys/netinet/ip_dummynet.h b/sys/netinet/ip_dummynet.h
index e43dffa264c1..c0bb0e33492a 100644
--- a/sys/netinet/ip_dummynet.h
+++ b/sys/netinet/ip_dummynet.h
@@ -10,7 +10,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_dummynet.h,v 1.2 1998/12/14 18:09:13 luigi Exp $
+ *	$Id: ip_dummynet.h,v 1.3 1999/01/23 23:59:50 archie Exp $
  */
 
 #ifndef _IP_DUMMYNET_H
@@ -105,7 +105,6 @@ MALLOC_DECLARE(M_IPFW);
 typedef int ip_dn_ctl_t __P((struct sockopt *)) ;
 extern ip_dn_ctl_t *ip_dn_ctl_ptr;
 
-void ip_dn_init(void);	/* called in ip_input.c */
 void dn_rule_delete(void *r);		/* used in ip_fw.c */
 int dummynet_io(int pipe, int dir,
 	struct mbuf *m, struct ifnet *ifp, struct route *ro, int hlen,
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 7bfbf9e709c0..f1cc49923f1e 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.105 1999/03/30 23:45:34 nsayer Exp $
+ *	$Id: ip_fw.c,v 1.106 1999/04/17 08:56:38 peter Exp $
  */
 
 /*
@@ -1276,7 +1276,6 @@ ip_fw_init(void)
 static ip_fw_chk_t *old_chk_ptr;
 static ip_fw_ctl_t *old_ctl_ptr;
 
-#if defined(IPFIREWALL_MODULE)
 static int
 ipfw_modevent(module_t mod, int type, void *unused)
 {
@@ -1306,7 +1305,6 @@ ipfw_modevent(module_t mod, int type, void *unused)
 		}
 	
 		splx(s);
-		printf("IP firewall unloaded\n");
 		return 0;
 	default:
 		break;
@@ -1320,4 +1318,3 @@ static moduledata_t ipfwmod = {
 	0
 };
 DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);
-#endif
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index a4cee76ed8e0..3dc3c0ef081f 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -11,7 +11,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.h,v 1.35 1998/09/02 19:14:01 phk Exp $
+ *	$Id: ip_fw.h,v 1.36 1998/12/14 18:09:13 luigi Exp $
  */
 
 #ifndef _IP_FW_H
@@ -198,14 +198,6 @@ typedef	int ip_fw_ctl_t __P((struct sockopt *));
 extern	ip_fw_chk_t *ip_fw_chk_ptr;
 extern	ip_fw_ctl_t *ip_fw_ctl_ptr;
 
-/* IP NAT hooks */
-typedef	int ip_nat_t __P((struct ip **, struct mbuf **, struct ifnet *, int));
-typedef	int ip_nat_ctl_t __P((struct sockopt *));
-extern	ip_nat_t *ip_nat_ptr;
-extern	ip_nat_ctl_t *ip_nat_ctl_ptr;
-#define	IP_NAT_IN	0x00000001
-#define	IP_NAT_OUT	0x00000002
-
 #endif /* KERNEL */
 
 #endif /* _IP_FW_H */
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index dc8214e50f0a..a463cd9795fb 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- *	$Id: ip_input.c,v 1.115 1999/02/22 18:19:57 des Exp $
+ *	$Id: ip_input.c,v 1.116 1999/03/12 01:15:57 julian Exp $
  */
 
 #define	_IP_VHL
@@ -73,9 +73,7 @@
 
 #include <sys/socketvar.h>
 
-#ifdef IPFIREWALL
 #include <netinet/ip_fw.h>
-#endif
 
 #ifdef DUMMYNET
 #include <netinet/ip_dummynet.h>
@@ -145,16 +143,6 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
     &ipstealth, 0, "");
 #endif
 
-#if !defined(COMPAT_IPFW) || COMPAT_IPFW == 1
-#undef COMPAT_IPFW
-#define COMPAT_IPFW 1
-#else
-#undef COMPAT_IPFW
-#endif
-
-#ifdef COMPAT_IPFW
-
-#include <netinet/ip_fw.h>
 
 /* Firewall hooks */
 ip_fw_chk_t *ip_fw_chk_ptr;
@@ -164,11 +152,6 @@ ip_fw_ctl_t *ip_fw_ctl_ptr;
 ip_dn_ctl_t *ip_dn_ctl_ptr;
 #endif
 
-/* IP Network Address Translation (NAT) hooks */ 
-ip_nat_t *ip_nat_ptr;
-ip_nat_ctl_t *ip_nat_ctl_ptr;
-#endif
-
 #if defined(IPFILTER_LKM) || defined(IPFILTER)
 int iplattach __P((void));
 int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL;
@@ -239,12 +222,6 @@ ip_init()
 
 	ip_id = time_second & 0xffff;
 	ipintrq.ifq_maxlen = ipqmaxlen;
-#ifdef DUMMYNET
-	ip_dn_init();
-#endif
-#ifdef IPNAT
-        ip_nat_init(); 
-#endif
 #ifdef IPFILTER
         iplattach(); 
 #endif
@@ -269,9 +246,7 @@ ip_input(struct mbuf *m)
 #ifndef IPDIVERT /* dummy variable for the firewall code to play with */
         u_short ip_divert_cookie = 0 ;
 #endif
-#ifdef COMPAT_IPFW
 	struct ip_fw_chain *rule = NULL ;
-#endif
 
 #if defined(IPFIREWALL) && defined(DUMMYNET)
         /*
@@ -391,7 +366,6 @@ ip_input(struct mbuf *m)
 		ip = mtod(m = m1, struct ip *);
 	}
 #endif
-#ifdef COMPAT_IPFW
 	if (ip_fw_chk_ptr) {
 #ifdef IPFIREWALL_FORWARD
 		/*
@@ -437,14 +411,6 @@ ip_input(struct mbuf *m)
 	}
 pass:
 
-        if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, m->m_pkthdr.rcvif, IP_NAT_IN)) {
-#ifdef IPFIREWALL_FORWARD
-		ip_fw_fwd_addr = NULL;
-#endif
-		return;
-	}
-#endif	/* !COMPAT_IPFW */
-
 	/*
 	 * Process options and, if not destined for us,
 	 * ship it on.  ip_dooptions returns 1 when an
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e75ec869c66a..d40d9f4952ed 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
- *	$Id: ip_output.c,v 1.86 1999/02/19 18:32:55 luigi Exp $
+ *	$Id: ip_output.c,v 1.87 1999/03/16 12:06:11 luigi Exp $
  */
 
 #define _IP_VHL
@@ -67,16 +67,7 @@
 
 static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options");
 
-#if !defined(COMPAT_IPFW) || COMPAT_IPFW == 1
-#undef COMPAT_IPFW
-#define COMPAT_IPFW 1
-#else
-#undef COMPAT_IPFW
-#endif
-
-#ifdef COMPAT_IPFW
 #include <netinet/ip_fw.h>
-#endif
 
 #ifdef DUMMYNET
 #include <netinet/ip_dummynet.h>
@@ -139,9 +130,7 @@ ip_output(m0, opt, ro, flags, imo)
 #ifndef IPDIVERT /* dummy variable for the firewall code to play with */
         u_short ip_divert_cookie = 0 ;
 #endif
-#ifdef COMPAT_IPFW
 	struct ip_fw_chain *rule = NULL ;
-#endif
 
 #if defined(IPFIREWALL) && defined(DUMMYNET)
         /*  
@@ -424,12 +413,6 @@ ip_output(m0, opt, ro, flags, imo)
 	}
 #endif
 
-#ifdef COMPAT_IPFW
-        if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) {
-		error = EACCES; 
-		goto done;
-	}
-
 	/*
 	 * Check with the firewall...
 	 */
@@ -468,7 +451,7 @@ ip_output(m0, opt, ro, flags, imo)
                      * XXX note: if the ifp or ro entry are deleted
                      * while a pkt is in dummynet, we are in trouble!
                      */ 
-                    dummynet_io(off & 0xffff, DN_TO_IP_OUT, m,ifp,ro,dst,rule);
+                    dummynet_io(off & 0xffff, DN_TO_IP_OUT, m,ifp,ro,hlen,rule);
 			goto done;
 		}
 #endif   
@@ -590,7 +573,6 @@ ip_output(m0, opt, ro, flags, imo)
                 error = EACCES; /* not sure this is the right error msg */
                 goto done;
 	}
-#endif /* COMPAT_IPFW */
 
 pass:
 	/*
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 1dd361822dd2..57da1d301c50 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)raw_ip.c	8.7 (Berkeley) 5/15/95
- *	$Id: raw_ip.c,v 1.55 1998/08/23 03:07:14 wollman Exp $
+ *	$Id: raw_ip.c,v 1.56 1998/12/14 18:09:13 luigi Exp $
  */
 
 #include <sys/param.h>
@@ -65,12 +65,6 @@
 #ifdef DUMMYNET
 #include <netinet/ip_dummynet.h>
 #endif
-#if !defined(COMPAT_IPFW) || COMPAT_IPFW == 1
-#undef COMPAT_IPFW
-#define COMPAT_IPFW 1
-#else
-#undef COMPAT_IPFW
-#endif
 
 static struct inpcbhead ripcb;
 static struct inpcbinfo ripcbinfo;
@@ -249,7 +243,6 @@ rip_ctloutput(so, sopt)
 			error = sooptcopyout(sopt, &optval, sizeof optval);
 			break;
 
-#ifdef COMPAT_IPFW
 		case IP_FW_GET:
 			if (ip_fw_ctl_ptr == 0)
 				error = ENOPROTOOPT;
@@ -257,12 +250,6 @@ rip_ctloutput(so, sopt)
 				error = ip_fw_ctl_ptr(sopt);
 			break;
 
-		case IP_NAT:
-			if (ip_nat_ctl_ptr == 0)
-				error = ENOPROTOOPT;
-			else
-				error = ip_nat_ctl_ptr(sopt);
-			break;
 #ifdef DUMMYNET
 		case IP_DUMMYNET_GET:
 			if (ip_dn_ctl_ptr == NULL)
@@ -271,7 +258,6 @@ rip_ctloutput(so, sopt)
 				error = ip_dn_ctl_ptr(sopt);
 			break ;
 #endif /* DUMMYNET */
-#endif /* COMPAT_IPFW */
 
 		case MRT_INIT:
 		case MRT_DONE:
@@ -303,7 +289,6 @@ rip_ctloutput(so, sopt)
 				inp->inp_flags &= ~INP_HDRINCL;
 			break;
 
-#ifdef COMPAT_IPFW
 		case IP_FW_ADD:
 		case IP_FW_DEL:
 		case IP_FW_FLUSH:
@@ -314,12 +299,6 @@ rip_ctloutput(so, sopt)
 				error = ip_fw_ctl_ptr(sopt);
 			break;
 
-		case IP_NAT:
-			if (ip_nat_ctl_ptr == 0)
-				error = ENOPROTOOPT;
-			else
-				error = ip_nat_ctl_ptr(sopt);
-			break;
 #ifdef DUMMYNET
 		case IP_DUMMYNET_CONFIGURE:
 		case IP_DUMMYNET_DEL:
@@ -330,7 +309,6 @@ rip_ctloutput(so, sopt)
 				error = ip_dn_ctl_ptr(sopt);
 			break ;
 #endif
-#endif /* COMPAT_IPFW */
 
 		case IP_RSVP_ON:
 			error = ip_rsvp_init(so);