From owner-freebsd-stable@FreeBSD.ORG Fri Mar 16 11:52:35 2007 Return-Path: X-Original-To: freebsd-stable@FreeBSD.ORG Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2B96116A479 for ; Fri, 16 Mar 2007 11:52:35 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.freebsd.org (Postfix) with ESMTP id 7869813C46C for ; Fri, 16 Mar 2007 11:52:34 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (fqpszc@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id l2GBqRUg065685; Fri, 16 Mar 2007 12:52:33 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id l2GBqR9q065684; Fri, 16 Mar 2007 12:52:27 +0100 (CET) (envelope-from olli) Date: Fri, 16 Mar 2007 12:52:27 +0100 (CET) Message-Id: <200703161152.l2GBqR9q065684@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG, joao@matik.com.br In-Reply-To: <200703160831.38790.joao@matik.com.br> X-Newsgroups: list.freebsd-stable User-Agent: tin/1.8.2-20060425 ("Shillay") (UNIX) (FreeBSD/4.11-STABLE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Fri, 16 Mar 2007 12:52:33 +0100 (CET) Cc: Subject: Re: rc.order wrong (ipfw) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@FreeBSD.ORG, joao@matik.com.br List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Mar 2007 11:52:35 -0000 JoaoBR wrote: > On Friday 16 March 2007 07:51, Oliver Fromme wrote: > > JoaoBR wrote: > > > since some time now it seems ipfw starts first of all, I think that is > > > not correct > > > > No, it starts after networking is up, which is the correct > > behaviour, I think. > > it should Sorry, I made a typo there. Of course IPFW rules must be in effect as a prerequisite to NETWORKING. So I meant to say _before_, not after. > > > > rcorder: file `/etc/rc.d/ipfw' is before unknown provision `NETWORKING' > > > rcorder: requirement `ppp' in file `/etc/rc.d/ipfw' has no providers. > > > > That sounds like you have accidentally deleted the files > > /etc/rc.d/NETWORKING and /etc/rc.d/ppp (or forgot to run > > mergemaster properly after an update). > > noo, both are there Then they are broken on your machine. Did you check the "provide" and "require" lines in them? The ordering works perfectly fine for me on all of my machines. > even if working as supposed NETWORKING is ordered before syslogd and ipfw > should better start after syslogd No, the packet filter and forwarding rules must be in effect as early as possible, i.e. before any network daemons are started (which includes syslogd). There- fore it must be a requirement of NETWORKING. If IPFW rules where loaded after daemons such as syslogd are started, that would break several of my machines. (And on some others which have "default to accept" it would even open a security hole by introducing a race- condition.) Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "Python tricks" is a tough one, cuz the language is so clean. E.g., C makes an art of confusing pointers with arrays and strings, which leads to lotsa neat pointer tricks; APL mistakes everything for an array, leading to neat one-liners; and Perl confuses everything period, making each line a joyous adventure . -- Tim Peters