From: JoaoBR
Organization: Infomatik
To: freebsd-stable@freebsd.org
Date: Fri, 16 Mar 2007 09:32:15 -0300
Subject: Re: rc.order wrong (ipfw)
Message-Id: <200703160932.16080.joao@matik.com.br>
In-Reply-To: <200703161152.l2GBqR9q065684@lurza.secnetix.de>

On Friday 16 March 2007 08:52, Oliver Fromme wrote:
>
> > > > rcorder: file `/etc/rc.d/ipfw' is before unknown provision `NETWORKING'
> > > > rcorder: requirement `ppp' in file `/etc/rc.d/ipfw' has no providers.
> > >
> > > That sounds like you have accidentally deleted the files
> > > /etc/rc.d/NETWORKING and /etc/rc.d/ppp (or forgot to run
> > > mergemaster properly after an update).
> >
> > noo, both are there
>
> Then they are broken on your machine. Did you check the
> "provide" and "require" lines in them? The ordering works
> perfectly fine for me on all of my machines.
>

I checked yes, sure

> > even if working as supposed NETWORKING is ordered before syslogd and
> > ipfw should better start after syslogd
>
> No, the packet filter and forwarding rules must be in
> effect as early as possible, i.e. before any network
> daemons are started (which includes syslogd). Therefore
> it must be a requirement of NETWORKING.

could you explain your opinion? I don't agree with what you say

what sense does it make to have my forward rules up but natd still not?
what sense does it make logging while syslog is not up?

>
> If IPFW rules were loaded after daemons such as syslogd
> are started, that would break several of my machines.
> (And on some others which have "default to accept" it
> would even open a security hole by introducing a
> race-condition.)

oops, so what would break there?

I thought, the defaults are to support other defaults and not particular
settings

because FreeBSD's ipfw default is to deny all and not to accept

the security hole you mention I can not see anywhere

ipfw is not on by default so you say here that FreeBSD has a default security
hole because its default is having no ipfw rules?

-- 
João
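
The ordering question in this thread, as an added example that is not part of the original message or of FreeBSD's rcorder: a small Python model of dependency ordering from `PROVIDE`/`REQUIRE`/`BEFORE` header lines. The script headers are constructed and simplified (including the assumption that syslogd requires NETWORKING); the run shows that once the `PROVIDE` lines are missing, the warnings quoted above appear and the "ipfw before NETWORKING" constraint is silently lost.

```python
import re
from graphlib import TopologicalSorter

# Constructed, simplified headers; these are NOT the real FreeBSD rc.d files.
GOOD = {
    "/etc/rc.d/ppp": "# PROVIDE: ppp\n",
    "/etc/rc.d/ipfw": "# PROVIDE: ipfw\n# REQUIRE: ppp\n# BEFORE: NETWORKING\n",
    "/etc/rc.d/NETWORKING": "# PROVIDE: NETWORKING NETWORK\n",
    "/etc/rc.d/syslogd": "# PROVIDE: syslogd\n# REQUIRE: NETWORKING\n",
}
# Same files present, but ppp and NETWORKING have lost their PROVIDE lines.
BROKEN = {**GOOD, "/etc/rc.d/ppp": "# ppp\n", "/etc/rc.d/NETWORKING": "# net\n"}

TAG = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$", re.M)

def parse(text):
    """Collect the provision names listed under each ordering keyword."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, value in TAG.findall(text):
        tags[key] += value.split()
    return tags

def rcorder(files):
    """Return (start order, warnings) for a dict of path -> script text."""
    parsed = {path: parse(text) for path, text in files.items()}
    providers = {}
    for path, tags in parsed.items():
        for name in tags["PROVIDE"]:
            providers.setdefault(name, []).append(path)
    deps = {path: set() for path in files}  # path -> files that must start first
    warnings = []
    for path, tags in parsed.items():
        for name in tags["BEFORE"]:
            if name not in providers:
                warnings.append(f"rcorder: file `{path}' is before unknown provision `{name}'")
            for later in providers.get(name, []):
                deps[later].add(path)       # the filter starts before its consumers
        for name in tags["REQUIRE"]:
            if name not in providers:
                warnings.append(f"rcorder: requirement `{name}' in file `{path}' has no providers.")
            deps[path].update(providers.get(name, []))
    return list(TopologicalSorter(deps).static_order()), warnings

if __name__ == "__main__":
    for label, files in (("good", GOOD), ("broken", BROKEN)):
        order, warnings = rcorder(files)
        print(label, order, *warnings, sep="\n  ")
```

With the `BROKEN` set no edges remain in the graph, so nothing guarantees that the packet filter starts before any network daemon; the warnings are the only sign of it.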