Date: Sun, 22 Nov 2009 11:12:33 -0800 From: Doug Barton <dougb@FreeBSD.org> To: Hajimu UMEMOTO <ume@FreeBSD.org> Cc: current@FreeBSD.org, net@FreeBSD.org Subject: Re: [CFR] unified rc.firewall Message-ID: <4B098D21.4040607@FreeBSD.org> In-Reply-To: <ygeljhyk1qg.wl%ume@mahoroba.org> References: <ygeljhyk1qg.wl%ume@mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hajimu UMEMOTO wrote: > Hi, > > The ipfw and ip6fw were unified into ipfw2, now. But, we still have > rc.firewall and rc.firewall6. However, there are conflicts with each > other, and it confuses the users, IMHO. > So, I made a patch to unify rc.firewall and rc.firewall6, and obsolete > rc.firewall6 and rc.d/ip6fw. > Please review the attached patch. If there is no objection, I'll > commit it in next weekend. Overall I think this is good, and I'm definitely in favor of more integration of IPv6 into the mainstream rather than something that is glued on. A few comments: In rc.firewall you seem to have copied afexists() from network.subr. Is there a reason that you did not simply source that file? That would be the preferred method. Also in that file you call "if afexists inet6" quite a few times. My preference from a performance standpoint would be to call it once, perhaps in a start_precmd then cache the value. And of course, you have regression tested this thoroughly, yes? :) Please include scenarios where there is no INET6 in the kernel as well. hth, Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B098D21.4040607>