Date: Mon, 13 Oct 97 17:43:34 -0700 From: "Studded" <Studded@dal.net> To: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Problem with rc.conf/rc.firewall Message-ID: <199710140043.RAA27934@mail.san.rr.com>
next in thread | raw e-mail | index | archive | help
Using 2.2.5-971012-BETA I upgraded my system with the tried and
true make world + fold in /etc changes method. It completed without
errors (after I removed the -j 2 from make *grumble*) and then I made
the kernel from the same kernel config file I used with the
2.2-970901-STABLE sources previously that included ipfw. I set the
firewall option to YES in rc.conf, and set the type to OPEN.
A gold star to anyone who has already spotted the problem, the
rc.firewall script expects "${firewall_type}" = "open", not OPEN, and
it bombed out. IMO putting the firewall_type option rc.conf is a big
mistake. It loses big in functionality what little it makes up for in
convenience, especially when I'm 600 miles from the machine.
In order of importance, suggestion number one is to return the
firewall_type option to rc.firewall, include firewall_quiet, and put a
note below firewall_enable saying that there are options to set in
rc.firewall if you enable it. This will reduce the likelihood of an
error like mine, and has the added advantage of removing two
little-used options from an already crowded rc.conf. Suggestion number
two is to make the type open BY DEFAULT, and let the person change it
if need be. There is really no reason to set up stumbling blocks that
people don't need if they can be so easily avoided. Third, it would be
nice if the script (and the rc scripts in general) were made case
insensitive, either by some sh trick, or some OR statements. Finally a
warning in rc.conf that the options are case sensitive would be a plus.
I can produce diffs and send this as a PR if requested, but it
is only a few lines in each place.
Thanks,
Doug
*** Proud operator, designer and maintainer of the world's largest
*** Internet Relay Chat server. 4,168 clients and still growing. :-)
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710140043.RAA27934>