Date:      Tue, 19 Jun 2007 00:30:12 GMT
From:      Sean McNeil <sean@mcneil.com>
To:        freebsd-ipfw@FreeBSD.org
Subject:   Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Message-ID:  <200706190030.l5J0UCOs082451@freefall.freebsd.org>

The following reply was made to PR conf/78762; it has been noted by GNATS.

From: Sean McNeil <sean@mcneil.com>
To: bug-followup@FreeBSD.org, jonw@whoweb.com
Cc:  
Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute
	$firewall_script not read it
Date: Mon, 18 Jun 2007 17:05:45 -0700

 This is a bad idea and has broken the new feature of rcNG allowing us to
 place options into /etc/rc.conf.d/ipfw and /etc/rc.conf.d/ip6fw.  The
 commit to src/etc/rc.d/ipfw revision 1.15 and src/etc/rc.d/ip6fw 1.9
 have now broken this basic concept.
 
 IMHO, the correct thing is: Don't use exit in your firewall script.  I
 offer 3 solutions, however, below.
 
 What has been broken:
 
 /etc/rc.conf.d/ipfw
 	firewall_enable="YES"
 	firewall_type="/etc/fw/rc.firewall.rules"
 
 /etc/rc.conf.d/ip6fw
 	ipv6_firewall_enable="YES"
 	ipv6_firewall_type="/etc/fw/rc.firewall6.rules"
 
 Now, this no longer works and I must once again pollute and move more
 stuff back into /etc/rc.conf.  Namely,
 
 	firewall_type="/etc/fw/rc.firewall.rules"
 	ipv6_firewall_type="/etc/fw/rc.firewall6.rules"
 
 must now be in /etc/rc.conf or /etc/rc.conf.local.
 
 Solution:
 
 1) revert to sourcing the rc.firewall script.
 2) Fix rc.firewall and rc.firewall6 to somehow get stuff
 from /etc/rc.conf.d as it should (as ipfw and ip6fw?).
 3) completely remove rc.conf.d support as more things fail to work with
 it.
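
The trade-off this message describes, as an added illustration that is not part of the message or of the FreeBSD rc scripts: a sourced script sees the caller's unexported variables but its `exit` ends the caller, while an executed script is isolated from both. The files under the temporary directory are constructed stand-ins for /etc/rc.conf.d/ipfw and the firewall script, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo; nothing here touches the real /etc files.
unset firewall_type                      # make sure nothing is inherited
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Stand-in for /etc/rc.conf.d/ipfw: plain, unexported shell assignments.
cat > "$demo_dir/ipfw.conf" <<'EOF'
firewall_type="/etc/fw/rc.firewall.rules"
EOF

# Stand-in for $firewall_script: reports the firewall_type it can see.
cat > "$demo_dir/fw_script.sh" <<'EOF'
echo "${firewall_type:-UNKNOWN}"
EOF

# Stand-in for a firewall script that calls exit.
cat > "$demo_dir/fw_exit.sh" <<'EOF'
exit 0
EOF

# Sourcing: the script runs inside the caller's shell and sees its variables.
seen_when_sourced() (
    . "$demo_dir/ipfw.conf"
    . "$demo_dir/fw_script.sh"
)

# Executing: a new sh process inherits only exported environment variables,
# so the setting read from the per-service config file is lost.
seen_when_executed() (
    . "$demo_dir/ipfw.conf"
    sh "$demo_dir/fw_script.sh"
)

# exit in a sourced script terminates the caller before it can continue.
survives_sourced_exit() ( . "$demo_dir/fw_exit.sh"; echo yes )
# exit in an executed script only ends the child process.
survives_executed_exit() ( sh "$demo_dir/fw_exit.sh"; echo yes )

echo "firewall_type when sourced:   $(seen_when_sourced)"
echo "firewall_type when executed:  $(seen_when_executed)"
echo "caller survives sourced exit:  $(survives_sourced_exit)"
echo "caller survives executed exit: $(survives_executed_exit)"
```
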
 
 


