Date: 22 Oct 2002 16:17:40 -0500 From: Kirk Strauser <kirk@strauser.com> To: freebsd-stable@freebsd.org Subject: Still no 'ipf -6' support in the rc scripts? Message-ID: <87d6q29nrf.fsf@pooh.int>
next in thread | raw e-mail | index | archive | help
It seems that FreeBSD 4.7-STABLE still does not support IPFilter+IPv6 in its
/etc/rc.* scripts. This is very inconvenient, because it forces IPv6
initialization to occur in the /usr/local/etc/rc.d scripts at the very
earliest.
I've patched my rc.conf and /etc/rc.network6 to support very simple
IPFilter+IPv6 setup. Is there any reason that something similar is not
official yet, or is it just something that noone's been particularly
interested in fixing yet?
My (not well-tested) patches:
+++ /etc/rc.conf
ipfilter6_enable="YES"
ipfilter6_rules="/etc/ipf6.rules"
ipfilter6_flags=""
--- /usr/src/etc/rc.network6 Thu Jul 25 08:58:52 2002
+++ /etc/rc.network6 Tue Oct 22 11:46:09 2002
@@ -45,6 +45,19 @@
ipv6_firewall_in_kernel=0
fi
+ case "${ipfilter6_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "${ipfilter6_rules}" ]; then
+ echo -n ' ipfilter'
+ ${ipfilter_program:-/sbin/ipf} -6 -f \
+ "${ipfilter6_rules}" ${ipfilter6_flags}
+ else
+ ipfilter_enable="NO"
+ echo -n ' NO IPF6 RULES'
+ fi
+ ;;
+ esac
+
case ${ipv6_firewall_enable} in
[Yy][Ee][Ss])
if [ "${ipv6_firewall_in_kernel}" -eq 0 ] && kldload ip6fw; then
--
Kirk Strauser
In Googlis non est, ergo non est.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87d6q29nrf.fsf>