Date: Fri, 29 Aug 2003 20:37:31 +0400 (MSD) From: Dmitri Goutnik <wumpus@peterlink.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: conf/56144: [PATCH] /etc/rc.d/ipmon, /etc/rc.d/ipfilter fixes Message-ID: <200308291637.h7TGbVow002167@xyzzy.zzz.net> Resent-Message-ID: <200308291640.h7TGe6h6041540@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 56144
>Category: conf
>Synopsis: [PATCH] /etc/rc.d/ipmon, /etc/rc.d/ipfilter fixes
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 29 09:40:05 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Dmitri Goutnik
>Release: FreeBSD 5.1-CURRENT i386
>Organization:
>Environment:
System: FreeBSD xyzzy.zzz.net 5.1-CURRENT FreeBSD 5.1-CURRENT #9: Fri Aug 29 13:54:56 MSD 2003 root@xyzzy.zzz.net:/usr/obj/usr/src/sys/XYZZY i386
>Description:
1). /etc/rc.d/ipmon is configured to run before /etc/rc.d/ipfilter and
ipmon(8) fails to start when ipfilter was built as KLD module;
2). /etc/rc.d/ipfilter always calls /sbin/ipf -E, this produces a
bunch of "IP Filter: already initialized" when the kernel has ipfilter
statically linked in;
>How-To-Repeat:
Boot.
>Fix:
--- ipmon.path begins here ---
--- old/ipmon Fri Aug 29 15:10:44 2003
+++ ipmon Fri Aug 29 15:10:53 2003
@@ -5,7 +5,7 @@
#
# PROVIDE: ipmon
-# REQUIRE: mountcritlocal hostname sysctl cleanvar
+# REQUIRE: mountcritlocal hostname sysctl cleanvar ipfilter
# BEFORE: SERVERS
# KEYWORD: FreeBSD NetBSD
--- ipmon.path ends here ---
--- ipfilter.path begins here ---
--- old/ipfilter Fri Aug 29 12:04:18 2003
+++ ipfilter Fri Aug 29 15:19:03 2003
@@ -5,7 +5,7 @@
#
# PROVIDE: ipfilter
-# REQUIRE: root beforenetlkm mountcritlocal ipmon
+# REQUIRE: root beforenetlkm mountcritlocal
# BEFORE: netif
# KEYWORD: FreeBSD NetBSD
@@ -79,12 +79,15 @@
echo "Enabling ipfilter."
case ${OSTYPE} in
FreeBSD)
- ${ipfilter_program:-/sbin/ipf} -EFa
+ if [ `sysctl -n net.inet.ipf.fr_running` = "0" ]; then
+ ${ipfilter_program:-/sbin/ipf} -E
+ fi
+ ${ipfilter_program:-/sbin/ipf} -Fa
if [ -r "${ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -6 -EFa
+ ${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
--- ipfilter.path ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308291637.h7TGbVow002167>