Date: Sat, 15 Nov 2003 15:21:34 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: freebsd-current@freebsd.org Subject: Re: /etc/rc.d/ipsec starts not in time Message-ID: <3FB6B4FE.4C1AF03C@mindspring.com> References: <E1AGIbn-0001Ux-7o@cub.org.ua> <ygefzgpq508.wl%ume@mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hajimu UMEMOTO wrote: > >>>>> Kostyuk Oleg <cub@cub.org.ua> said: > > cub> Problem is in order of starting /etc/rc.d/ipsec. > cub> It must start BEFORE any network interaction, > cub> may be even before configuring interfaces. > cub> But I not sure in case with diskless mashines. > > cub> -# BEFORE: DAEMON > cub> +# BEFORE: NETWORK > > It is not sufficient. There is setkey(8) in /usr/sbin. It means that > we cannot protect NFS exported /usr by IPsec. If there is no > objection, I wish to move setkey(8) into /sbin like NetBSD did. This type of order inversion is common. Can we simply delay exportation until later in the boot process? Wouldn't this have the same effect? -- Terry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FB6B4FE.4C1AF03C>