Date: 29 Jun 2000 01:21:03 +0200 From: Cyrille Lefevre <clefevre@no-spam.citeweb.net> To: Doug Barton <DougB@gorean.org> Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG Subject: Re: ipfilter hooks in rc.network Message-ID: <7lb9xuhs.fsf@pc166.gits.fr> In-Reply-To: Doug Barton's message of "Mon, 26 Jun 2000 23:41:06 -0700" References: <20000626220852.M9883@speedy.gsinet> <39584C82.988B2F1B@gorean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton <DougB@gorean.org> writes:
> Gerhard Sittig wrote:
>
> First, I'm not sure that -security is the right list for this, -current
> or -hackers might be better. Second, while I support adding the ability
> to more closely integrate ipfilter into the base, your patch's style is
> drastically out of synch with the changes introduced recently. The
> following is better style.
>
> case ${ipfilter_enable} in
> [Yy][Ee][Ss])
> if [ -r "${ipfilter_rules}" ]; then
> echo -n ' ipfilter'
> ipf -Fa -f ${ipfilter_rules}
> fi
> case ${ipmon_flags} in
> [Nn][Oo] | '')
> ;;
> *)
> echo -n ' ipmon'
> ipmon ${ipmon_flags}
> ;;
> esac
> case ${ipnat} in
${ipnat_enable} I suppose :)
> [Yy][Ee][Ss])
> if [ -r "${ipnat_rules}" ]; then
> echo -n ' ipnat'
> ipnat -CF -f ${ipnat_rules}
> else
> echo -n ' ipnat enabled but no rules!'
> fi
> ;;
> esac
> ;;
> esac
what about adding ${ipfilter_flags} and ${ipnet_flags} also,
respectively after ${ipfilter_rules} and ${ipnat_rules} ?
Cyrille.
--
home:mailto:clefevre@no-spam.citeweb.net Supprimer "no-spam." pour me repondre.
work:mailto:Cyrille.Lefevre@no-spam.edf.fr Remove "no-spam." to answer me back.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7lb9xuhs.fsf>