Date: Fri, 1 Mar 2002 08:40:03 -0800 (PST) From: "Crist J. Clark" <crist.clark@attbi.com> To: freebsd-bugs@FreeBSD.org Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.* Message-ID: <200203011640.g21Ge3E98127@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/35178; it has been noted by GNATS.
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Jeremy Norris <ishmael27x@yahoo.com>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.*
Date: Fri, 1 Mar 2002 08:37:05 -0800
On Fri, Mar 01, 2002 at 09:08:46AM -0600, Jeremy Norris wrote:
> On Tue, Feb 26, 2002 at 03:20:02AM -0800, Crist J. Clark wrote:
> > + case "${ipfilter6_enable}" in
> > + [Yy][Ee][Ss])
> > + if [ -r "${ipfilter6_flags}" ]; then
> > + echo -n ' ipfilter-IPv6'
> > + ${ipfilter_program:-/sbin/ipf} -6 -Fa -f \
>
> I think you should check for ipfilter_active as well, because ipf -6 -Fa
> flushes ipv4 rules too. If ipfilter_active is true, then maybe only ipf -6 -f?
The problem with that is ipfilter_active would not be available at
this point. It is local to the network_pass1() function in
rc.network. It is possible to make it global, but very kludgey,
passing data between the scripts in that way. In my scripts, I've just
dropped the flush completely. It doesn't really seem all that
necessary to me.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203011640.g21Ge3E98127>