4.0b3, Sol 9: pfil not configured for firewall/NAT operation

Darren,
Installed pfil 2.0 and 4.0beta3 on a netra t1, solaris 9 +
current patches. At boot or "ipfboot start" time I get the
syslog message "pfil not configured for firewall/NAT operation".
I tracked this down to the ipfboot script. The output of the ndd
command in the script is:

# /usr/sbin/ndd /dev/pfil qif_status
ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip nodata notdata
QIF1 0 30000b96520 30000b96610 0 1 806 0 3056 37 0 0 0 0 0 0 0
hme0 30000054ad0 30000b96cb8 30000b96da8 0 0 800 14 3194 2898 0 0 0 0 0 0 0

What's wrong?

Also, I've noticed that /usr/sbin/ipfstat and
/usr/sbin/ipmon have old dates on the executables (I did a pkgrm
of ipfx ipf 3.4.31 before installing 4.0beta3), so I searched around
and found newer versions in /usr/sbin/sparcv7 and /usr/sbin/sparcv9.
Can the appropriate version for the box get put into /usr/sbin?

And when I try to do "/etc/init.d/ipfboot stop" I always get
"can't unload the module: Device busy".

Is there any kind of "how to use the new features of 4.0" doc for
people who have been using 3.x?

--- Jeff Earickson
Colby College