Hello, I've been setting up ipfilter on a couple of Solaris 9 boxes and noticed that the ipfilter Solaris package (built from the source) sets up /etc/rc2.d/S65ipfboot to start ipfilter on boot. Unfortunately, routing (particularly the default route) isn't set up until S69, which means that on some machines that use a nameserver outside their local subnet and hostnames in ipf.conf, things don't quite work. Hence, I was wondering if there was a good reason for not having ipfboot start at or after S69 (at seems to work fine for me)? I understand the slim possibility that some networks might be set up so that their local net is trustworthy and anything outside it isn't, but in the few cases where that were true I'd imagine those affected could perform other workarounds, or if paranoid enough would compile with default deny (in which case the first-pass rules letting DNS through in the init script would make this irrelevant).

I've attached a quick patch (against 4.1.13, but should work against 4.1.14), if people are interested.
Thanks
diff -ruw ../tmp/ip_fil4.1.13/SunOS5/prototype ip_fil4.1.13/SunOS5/prototype --- ../tmp/ip_fil4.1.13/SunOS5/prototype 2005-07-20 04:45:28.000000000 +1000 +++ ip_fil4.1.13/SunOS5/prototype 2006-10-05 09:48:51.558156000 +1000 @@ -44,7 +44,7 @@ d none /etc/init.d f none /etc/init.d/ipfboot=root/etc/init.d/ipfboot d none /etc/rc2.d -l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot +l none /etc/rc2.d/S69ipfboot=/etc/init.d/ipfboot d none /etc/opt d none /etc/opt/ipf 755 root sys !default 0444 root root diff -ruw ../tmp/ip_fil4.1.13/SunOS5/prototype32 ip_fil4.1.13/SunOS5/prototype32 --- ../tmp/ip_fil4.1.13/SunOS5/prototype32 2004-03-07 01:33:25.000000000 +1100 +++ ip_fil4.1.13/SunOS5/prototype32 2006-10-05 09:49:04.350099000 +1000 @@ -56,7 +56,7 @@ d none /etc/init.d ? ? ? f none /etc/init.d/ipfboot=root/etc/init.d/ipfboot d none /etc/rc2.d ? ? ? -l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot +l none /etc/rc2.d/S69ipfboot=/etc/init.d/ipfboot d none /etc/opt ? ? ? d none /etc/opt/ipf 755 root sys !default 0444 root root diff -ruw ../tmp/ip_fil4.1.13/SunOS5/prototype_ia32 ip_fil4.1.13/SunOS5/prototype_ia32 --- ../tmp/ip_fil4.1.13/SunOS5/prototype_ia32 2005-08-20 23:42:03.000000000 +1000 +++ ip_fil4.1.13/SunOS5/prototype_ia32 2006-10-05 09:49:12.530623000 +1000 @@ -56,7 +56,7 @@ d none /etc/init.d ? ? ? f none /etc/init.d/ipfboot=root/etc/init.d/ipfboot d none /etc/rc2.d ? ? ? -l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot +l none /etc/rc2.d/S69ipfboot=/etc/init.d/ipfboot d none /etc/opt ? ? ? d none /etc/opt/ipf 755 root sys !default 0444 root root
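Review bot: In the SunOS5/prototype hunk, the new link name `S69ipfboot` shares its sequence number with the step that sets up the default route, which the mail places at S69. Scripts in rc2.d that share a number run in name order, so whether ipfboot starts before or after routing is ready depends on how its name sorts against the routing script. Using S70, or confirming the sort order and stating it in the change description, would make the intended "after routing" ordering explicit.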
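Review bot: In the SunOS5/prototype32 hunk, replacing `S65ipfboot` with `S69ipfboot` delays rule loading on every install, including hosts whose ipf.conf uses only addresses and never needs DNS. Unless ipfilter is compiled with default deny, that lengthens the period at boot before any rules are loaded. Consider keeping the S65 link as the packaged default and documenting the later start as an option for sites that use hostnames in ipf.conf, or state the trade-off in the install notes.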
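Review bot: In the SunOS5/prototype_ia32 hunk, the `-l`/`+l` pair only changes what a freshly built package installs; nothing in the patch deals with a host that already has `/etc/rc2.d/S65ipfboot`. If the new package is added without the old one being removed first, both links could remain and ipfboot would be run twice at boot. A line in the upgrade instructions, or removal of the old link at install time, would cover that case.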
