From owner-svn-src-head@FreeBSD.ORG Mon Jun 1 05:35:04 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 878D5106567A; Mon, 1 Jun 2009 05:35:04 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 75CFF8FC22; Mon, 1 Jun 2009 05:35:04 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n515Z4Bb065283; Mon, 1 Jun 2009 05:35:04 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n515Z4qK065272; Mon, 1 Jun 2009 05:35:04 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <200906010535.n515Z4qK065272@svn.freebsd.org> From: Doug Barton Date: Mon, 1 Jun 2009 05:35:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r193198 - head/etc/rc.d X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 05:35:05 -0000 Author: dougb Date: Mon Jun 1 05:35:03 2009 New Revision: 193198 URL: http://svn.freebsd.org/changeset/base/193198 Log: Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up. Modified: head/etc/rc.d/ip6fw head/etc/rc.d/ipfilter head/etc/rc.d/ipfs head/etc/rc.d/ipfw head/etc/rc.d/ipnat head/etc/rc.d/netif head/etc/rc.d/network_ipv6 head/etc/rc.d/pf head/etc/rc.d/pflog head/etc/rc.d/pfsync Modified: head/etc/rc.d/ip6fw ============================================================================== --- head/etc/rc.d/ip6fw Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/ip6fw Mon Jun 1 05:35:03 2009 (r193198) @@ -5,7 +5,6 @@ # PROVIDE: ip6fw # REQUIRE: routing -# BEFORE: network_ipv6 # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/ipfilter ============================================================================== --- head/etc/rc.d/ipfilter Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/ipfilter Mon Jun 1 05:35:03 2009 (r193198) @@ -5,7 +5,6 @@ # PROVIDE: ipfilter # REQUIRE: FILESYSTEMS -# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/ipfs ============================================================================== --- head/etc/rc.d/ipfs Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/ipfs Mon Jun 1 05:35:03 2009 (r193198) @@ -5,7 +5,6 @@ # PROVIDE: ipfs # REQUIRE: ipnat -# BEFORE: netif # KEYWORD: nojail shutdown . /etc/rc.subr Modified: head/etc/rc.d/ipfw ============================================================================== --- head/etc/rc.d/ipfw Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/ipfw Mon Jun 1 05:35:03 2009 (r193198) @@ -4,8 +4,7 @@ # # PROVIDE: ipfw -# REQUIRE: ppp -# BEFORE: NETWORKING +# REQUIRE: FILESYSTEMS # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/ipnat ============================================================================== --- head/etc/rc.d/ipnat Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/ipnat Mon Jun 1 05:35:03 2009 (r193198) @@ -5,7 +5,6 @@ # PROVIDE: ipnat # REQUIRE: ipfilter -# BEFORE: DAEMON netif # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/netif ============================================================================== --- head/etc/rc.d/netif Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/netif Mon Jun 1 05:35:03 2009 (r193198) @@ -26,7 +26,8 @@ # # PROVIDE: netif -# REQUIRE: atm1 cleanvar ipfilter FILESYSTEMS serial sppp sysctl +# REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl +# REQUIRE: ipfilter ipfs pf ipfw # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/network_ipv6 ============================================================================== --- head/etc/rc.d/network_ipv6 Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/network_ipv6 Mon Jun 1 05:35:03 2009 (r193198) @@ -29,7 +29,7 @@ # # PROVIDE: network_ipv6 -# REQUIRE: routing +# REQUIRE: routing ip6fw # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/pf ============================================================================== --- head/etc/rc.d/pf Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/pf Mon Jun 1 05:35:03 2009 (r193198) @@ -4,7 +4,7 @@ # # PROVIDE: pf -# REQUIRE: FILESYSTEMS netif pflog pfsync +# REQUIRE: FILESYSTEMS pflog pfsync # BEFORE: routing # KEYWORD: nojail Modified: head/etc/rc.d/pflog ============================================================================== --- head/etc/rc.d/pflog Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/pflog Mon Jun 1 05:35:03 2009 (r193198) @@ -4,7 +4,7 @@ # # PROVIDE: pflog -# REQUIRE: FILESYSTEMS netif cleanvar +# REQUIRE: FILESYSTEMS cleanvar # KEYWORD: nojail . /etc/rc.subr Modified: head/etc/rc.d/pfsync ============================================================================== --- head/etc/rc.d/pfsync Mon Jun 1 04:55:13 2009 (r193197) +++ head/etc/rc.d/pfsync Mon Jun 1 05:35:03 2009 (r193198) @@ -4,7 +4,7 @@ # # PROVIDE: pfsync -# REQUIRE: FILESYSTEMS netif +# REQUIRE: FILESYSTEMS # KEYWORD: nojail . /etc/rc.subr