From owner-freebsd-stable Tue Oct 22 14:17:56 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADB0737B401 for ; Tue, 22 Oct 2002 14:17:54 -0700 (PDT) Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 473CC43E65 for ; Tue, 22 Oct 2002 14:17:53 -0700 (PDT) (envelope-from kirk@strauser.com) Received: from pooh.int (mail@pooh.int [10.0.1.2]) by kanga.honeypot.net (8.12.6/8.12.6) with ESMTP id g9MLHekr006229 for ; Tue, 22 Oct 2002 16:17:40 -0500 (CDT) (envelope-from kirk@strauser.com) Received: from kirk by pooh.int with local (Exim 3.36 #1 (Debian)) id 1846PE-0007a2-00 for ; Tue, 22 Oct 2002 16:17:40 -0500 To: freebsd-stable@freebsd.org Subject: Still no 'ipf -6' support in the rc scripts? From: Kirk Strauser Date: 22 Oct 2002 16:17:40 -0500 Message-ID: <87d6q29nrf.fsf@pooh.int> Lines: 43 X-Mailer: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG It seems that FreeBSD 4.7-STABLE still does not support IPFilter+IPv6 in its /etc/rc.* scripts. This is very inconvenient, because it forces IPv6 initialization to occur in the /usr/local/etc/rc.d scripts at the very earliest. I've patched my rc.conf and /etc/rc.network6 to support very simple IPFilter+IPv6 setup. Is there any reason that something similar is not official yet, or is it just something that noone's been particularly interested in fixing yet? My (not well-tested) patches: +++ /etc/rc.conf ipfilter6_enable="YES" ipfilter6_rules="/etc/ipf6.rules" ipfilter6_flags="" --- /usr/src/etc/rc.network6 Thu Jul 25 08:58:52 2002 +++ /etc/rc.network6 Tue Oct 22 11:46:09 2002 @@ -45,6 +45,19 @@ ipv6_firewall_in_kernel=0 fi + case "${ipfilter6_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipfilter6_rules}" ]; then + echo -n ' ipfilter' + ${ipfilter_program:-/sbin/ipf} -6 -f \ + "${ipfilter6_rules}" ${ipfilter6_flags} + else + ipfilter_enable="NO" + echo -n ' NO IPF6 RULES' + fi + ;; + esac + case ${ipv6_firewall_enable} in [Yy][Ee][Ss]) if [ "${ipv6_firewall_in_kernel}" -eq 0 ] && kldload ip6fw; then -- Kirk Strauser In Googlis non est, ergo non est. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message