Darren Reed wrote:
>In some email I received from Arjan de Vet, sie wrote:
>> I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
>> trying to fix more or less the same bugs/problems.
>>
>> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
>> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
>> both our patches?
>
>That sounds like a good plan.

OK, updated patches for stable and current are available from:

    http://home.iae.nl/users/devet/freebsd/

I include the README here:

This is joint work with Giorgos Keramidas.

Patches to fix and cleanup ipfilter/ipnat code in the /etc/rc.* framework
both for -current and -stable, including an update to the rc.conf(5)
manual page. Note that for stable 'ipfs' should be MFC'ed first!

Overview of problems fixed:

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
  they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module
  have been removed;

- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been updated to
  reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

After this patch has been applied the following ipfilter related PRs can
be closed:

    kern/25344 conf/26275 bin/27016 conf/31482 conf/25223 conf/25809

Darren: please wait for the comments of Doug Barton before committing,
he wants to review the patch for possible rc.* style issues first.

Arjan

--
Arjan de Vet, Eindhoven, The Netherlands <[EMAIL PROTECTED]>
URL : http://www.iae.nl/users/devet/ <[EMAIL PROTECTED]>
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)