Date: Tue, 23 Oct 2001 01:25:12 +0300 From: Giorgos Keramidas <charon@labs.gr> To: Darren Reed <darrenr@FreeBSD.ORG> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.network Message-ID: <20011023012512.A1596@hades.hell.gr> In-Reply-To: <200110200446.f9K4kWo53849@freefall.freebsd.org> References: <200110200446.f9K4kWo53849@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--kvUQC+jR9YzypDnK
Content-Type: text/PLAIN; charset=us-ascii
Content-Disposition: inline
> darrenr 2001/10/19 21:46:32 PDT
>
> Modified files:
> etc rc.network
> Log:
> Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
> matched. Moification on PR to handle ipnat not being dependant on
> ipfilter_enable
With ipfilter_program set to "/sbin/ipf -Fa -f" (as rc.conf(5) says)
in /etc/defaults/rc.conf, this change breaks rc.network in the part
that calls `ipf -y'. The code calls:
${ipfilter_program:-/sbin/ipf -y}
and ipfilter_program is set to `/sbin/ipf -Fa -f' which results in the
command being called without ${ipfilter_rules} after -f. Perhaps you
meant to write :+ instead of :- ?
Trying to make this work, I've tested on my current box, compiled
today, the attached patch. If ipfilter_program is not set, it uses
`/sbin/ipf -y' but if it is set to something it strips everything
following the first space in ipfilter_program and calls the first
`word' with -y option.
The other option would be to remove any command-line options from
ipfilter_program and move them to ipfilter_flags, but if that is done,
the rc.conf.5 needs to be updated too, and it changes the way things
were done until now :-/
-giorgos
--kvUQC+jR9YzypDnK
Content-Type: text/PLAIN; charset=US-ASCII;
name="diff.2001.10.23.01.00.ipfilter"
Content-Disposition: attachment; filename="diff.2001.10.23.01.00.ipfilter"
Content-Transfer-Encoding: base64
SW5kZXg6IHJjLm5ldHdvcmsNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAvaG9tZS9uY3Zz
L3NyYy9ldGMvcmMubmV0d29yayx2DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMTA5DQpkaWZm
IC11IC1yMS4xMDkgcmMubmV0d29yaw0KLS0tIHJjLm5ldHdvcmsJMjAgT2N0IDIwMDEgMDQ6
NDY6MzIgLTAwMDAJMS4xMDkNCisrKyByYy5uZXR3b3JrCTIyIE9jdCAyMDAxIDIxOjU3OjM5
IC0wMDAwDQpAQCAtMjc5LDEyICsyNzksMjQgQEANCiAJIw0KIAljYXNlICR7aXBmaWx0ZXJf
ZW5hYmxlfSBpbg0KIAlbWXldW0VlXVtTc10pDQotCQkke2lwZmlsdGVyX3Byb2dyYW06LS9z
YmluL2lwZiAteX0NCisJCWlmIFsgWCIke2lwZmlsdGVyX3Byb2dyYW19IiA9IFgiIiBdOyB0
aGVuDQorCQkJaXBmaWx0ZXJfcHJvZ3JhbT0iL3NiaW4vaXBmIC15Ig0KKwkJZWxzZQ0KKwkJ
CWlwZmlsdGVyX3Byb2dyYW09IiR7aXBmaWx0ZXJfcHJvZ3JhbSUlICp9IC15Ig0KKwkJZmkN
CisJCWVjaG8gLW4gIlN5bmNocm9uaXppbmcgaXBmaWx0ZXIgd2l0aCBuZXR3b3JrIGludGVy
ZmFjZXM6ICINCisJCSR7aXBmaWx0ZXJfcHJvZ3JhbX0NCiAJCTs7DQogCSopDQogCQljYXNl
ICR7aXBuYXRfZW5hYmxlfSBpbg0KIAkJW1l5XVtFZV1bU3NdKQ0KLQkJCSR7aXBmaWx0ZXJf
cHJvZ3JhbTotL3NiaW4vaXBmIC15fQ0KKwkJCWlmIFsgWCIke2lwZmlsdGVyX3Byb2dyYW19
IiA9IFgiIiBdOyB0aGVuDQorCQkJCWlwZmlsdGVyX3Byb2dyYW09Ii9zYmluL2lwZiAteSIN
CisJCQllbHNlDQorCQkJCWlwZmlsdGVyX3Byb2dyYW09IiR7aXBmaWx0ZXJfcHJvZ3JhbSUl
ICp9IC15Ig0KKwkJCWZpDQorCQkJZWNobyAtbiAiU3luY2hyb25pemluZyBpcGZpbHRlciB3
aXRoIG5ldHdvcmsgaW50ZXJmYWNlczogIg0KKwkJCSR7aXBmaWx0ZXJfcHJvZ3JhbX0NCiAJ
CQk7Ow0KIAkJZXNhYw0KIAllc2FjDQo=
--kvUQC+jR9YzypDnK--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011023012512.A1596>