Date:      Fri, 16 Mar 2007 09:32:15 -0300
From:      JoaoBR <joao@matik.com.br>
To:        freebsd-stable@freebsd.org
Subject:   Re: rc.order wrong (ipfw)
Message-ID:  <200703160932.16080.joao@matik.com.br>
In-Reply-To: <200703161152.l2GBqR9q065684@lurza.secnetix.de>
References:  <200703161152.l2GBqR9q065684@lurza.secnetix.de>

On Friday 16 March 2007 08:52, Oliver Fromme wrote:
>
>  > > > rcorder: file `/etc/rc.d/ipfw' is before unknown provision
>  > > > `NETWORKING' rcorder: requirement `ppp' in file `/etc/rc.d/ipfw' has
>  > > > no providers.
>  > >
>  > > That sounds like you have accidentally deleted the files
>  > > /etc/rc.d/NETWORKING and /etc/rc.d/ppp (or forgot to run
>  > > mergemaster properly after an update).
>  >
>  > noo, both are there
>
> Then they are broken on your machine.  Did you check the
> "provide" and "require" lines in them?  The ordering works
> perfectly fine for me on all of my machines.
>

I checked yes, sure

>  > even if working as supposed NETWORKING is ordered before syslogd and
>  > ipfw should better start after syslogd
>
> No, the packet filter and forwarding rules must be in
> effect as early as possible, i.e. before any network
> daemons are started (which includes syslogd).  Therefore
> it must be a requirement of NETWORKING.

could you explain your opinion?

I don't agree with what you say
what sense does it make to have my forward rules up but natd still not?
what sense does it make logging while syslog is not up?

>
> If IPFW rules were loaded after daemons such as syslogd
> are started, that would break several of my machines.
> (And on some others which have "default to accept" it
> would even open a security hole by introducing a race
> condition.)

oops, so what would break there?


I thought, the defaults are to support other defaults and not particular
settings because freebsd's ipfw default is to deny all and not to accept

the security hole you mention I can not see anywhere

ipfw is not on by default so you say here that FreeBSD has a default security
hole because its default is having no ipfw rules?


-- 

João
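
An added example, not part of the original message and not FreeBSD's rcorder: a Python check that parses `PROVIDE`/`REQUIRE`/`BEFORE` headers, reproduces the two rcorder diagnostics quoted in the thread, and reports whether ipfw is guaranteed to start before syslogd. The header contents in `SAMPLE` are constructed and simplified, and the function name `check` is hypothetical.

```python
import re

HEADER = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$")

# Constructed, simplified headers (assumption: not copied from a real system).
SAMPLE = {
    "/etc/rc.d/netif": "# PROVIDE: netif\n",
    "/etc/rc.d/ppp": "# PROVIDE: ppp\n# REQUIRE: netif\n",
    "/etc/rc.d/ipfw": "# PROVIDE: ipfw\n# REQUIRE: ppp\n# BEFORE: NETWORKING\n",
    "/etc/rc.d/NETWORKING": "# PROVIDE: NETWORKING\n# REQUIRE: netif\n",
    "/etc/rc.d/syslogd": "# PROVIDE: syslogd\n# REQUIRE: NETWORKING\n",
}

def check(scripts, firewall="ipfw", daemons=("syslogd",)):
    """Return rcorder-style diagnostics plus missing firewall-before-daemon guarantees."""
    tags = {f: {"PROVIDE": [], "REQUIRE": [], "BEFORE": []} for f in scripts}
    for f, text in scripts.items():
        for line in text.splitlines():
            m = HEADER.match(line)
            if m:
                tags[f][m.group(1)].extend(m.group(2).split())
    providers = {p: f for f, t in tags.items() for p in t["PROVIDE"]}
    problems = []
    after = {f: set() for f in scripts}  # after[a] = files that must start later than a
    for f, t in tags.items():
        for req in t["REQUIRE"]:
            if req in providers:
                after[providers[req]].add(f)
            else:
                problems.append(f"requirement `{req}' in file `{f}' has no providers")
        for bef in t["BEFORE"]:
            if bef in providers:
                after[f].add(providers[bef])
            else:
                problems.append(f"file `{f}' is before unknown provision `{bef}'")
    # Everything reachable from the firewall script is guaranteed to start after it.
    seen = set()
    stack = [providers[firewall]] if firewall in providers else []
    while stack:
        for nxt in after[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    for d in daemons:
        if providers.get(d) not in seen:
            problems.append(f"no guarantee that `{firewall}' starts before `{d}'")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE))  # complete set of scripts: no diagnostics
    broken = {f: s for f, s in SAMPLE.items() if not f.endswith(("NETWORKING", "ppp"))}
    print("\n".join(check(broken)))  # NETWORKING and ppp scripts missing
```

With the `NETWORKING` and `ppp` scripts absent, the ordering constraint between ipfw and syslogd disappears along with them, which is the window the quoted reply calls a race condition.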