Date: 29 Jun 2000 01:21:03 +0200 From: Cyrille Lefevre <clefevre@no-spam.citeweb.net> To: Doug Barton <DougB@gorean.org> Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG Subject: Re: ipfilter hooks in rc.network Message-ID: <7lb9xuhs.fsf@pc166.gits.fr> In-Reply-To: Doug Barton's message of "Mon, 26 Jun 2000 23:41:06 -0700" References: <20000626220852.M9883@speedy.gsinet> <39584C82.988B2F1B@gorean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton <DougB@gorean.org> writes: > Gerhard Sittig wrote: > > First, I'm not sure that -security is the right list for this, -current > or -hackers might be better. Second, while I support adding the ability > to more closely integrate ipfilter into the base, your patch's style is > drastically out of synch with the changes introduced recently. The > following is better style. > > case ${ipfilter_enable} in > [Yy][Ee][Ss]) > if [ -r "${ipfilter_rules}" ]; then > echo -n ' ipfilter' > ipf -Fa -f ${ipfilter_rules} > fi > case ${ipmon_flags} in > [Nn][Oo] | '') > ;; > *) > echo -n ' ipmon' > ipmon ${ipmon_flags} > ;; > esac > case ${ipnat} in ${ipnat_enable} I suppose :) > [Yy][Ee][Ss]) > if [ -r "${ipnat_rules}" ]; then > echo -n ' ipnat' > ipnat -CF -f ${ipnat_rules} > else > echo -n ' ipnat enabled but no rules!' > fi > ;; > esac > ;; > esac what about adding ${ipfilter_flags} and ${ipnet_flags} also, respectively after ${ipfilter_rules} and ${ipnat_rules} ? Cyrille. -- home:mailto:clefevre@no-spam.citeweb.net Supprimer "no-spam." pour me repondre. work:mailto:Cyrille.Lefevre@no-spam.edf.fr Remove "no-spam." to answer me back. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7lb9xuhs.fsf>