Erik Nordmark wrote:
>
> I tried changing the punchin nwam location to run ipfilter with
> /etc/ipf/ipf.conf. Works fine until I punch out and punch in again.
>
> It seems like punchctl destroys and recreates the location:
>
> setup_nss () {
>     nwam_nss false
>
>     if nwam_phase1; then
>         # create punchin location, populate, activate
>
>         nwamcfg destroy loc punchin >/dev/null 2>&1
>
>         # Create new location called punchin
>         nwamcfg create loc punchin
>         nwamcfg "select loc punchin; \
>             set activation-mode=manual"
>
>
> That removes any localization I've done to the nwam location.
> Can punchctl be made to not destroy it?

I've bcc'd the internal list.
I remember this scenario coming up when we were creating this location.
For consistency with customizations we'd usually just give you a
variable to formally define your ipfilter policy.
e.g. PUNCHIN_IPFILTER_POLICY=/path/to/my/policy/file
Would that be acceptable? Destroying it is a much simpler and cleaner
method since the location is dynamically pieced together depending on
other variables anyway, such as whether you want NIS, custom resolv.conf
domains, etc. An IPfilter variable would fit into that scheme fairly
well, it seems to me.
-Paul