Darren Reed wrote:
>In some email I received from Arjan de Vet, sie wrote:
>> I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
>> trying to fix more or less the same bugs/problems.
>>
>> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
>> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
>> both our patches?
>
>That sounds like a good plan.

OK, updated patches for stable and current are available from:

http://home.iae.nl/users/devet/freebsd/

I include the README here:

This is joint work with Giorgos Keramidas.

Patches to fix and clean up ipfilter/ipnat code in the /etc/rc.*
framework both for -current and -stable, including an update to
the rc.conf(5) manual page. Note that for stable 'ipfs' should
be MFC'ed first!

Overview of problems fixed:

- ipmon(8) is started before loading any filter/NAT rules;
- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable
  anymore, they now also work when only ipnat_enable is true;
- the multiple occurrences of code loading the ipfilter kernel
  module have been removed;
- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been
  updated to reflect (possibly new) reality;
- the rc.conf.5 manual page has been updated to reflect the
  changes.

After this patch has been applied the following ipfilter related
PRs can be closed:

  kern/25344
  conf/26275
  bin/27016
  conf/31482
  conf/25223
  conf/25809

Darren: please wait for the comments of Doug Barton before committing,
he wants to review the patch for possible rc.* style issues first.

Arjan
--
Arjan de Vet, Eindhoven, The Netherlands <[EMAIL PROTECTED]>
URL : http://www.iae.nl/users/devet/ <[EMAIL PROTECTED]>
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)