Re: /etc/rc.d/ipsec starts not in time
Hi

It is not sufficient. There is setkey(8) in /usr/sbin. It means that we cannot protect NFS exported /usr by IPsec. If there is no objection, I wish to move setkey(8) into /sbin like NetBSD did.

tlambert2> This type of order inversion is common.
tlambert2> Can we simply delay exportation until later in the boot process?
tlambert2> Wouldn't this have the same effect?

Oops, I should explain the situation clearly. The client which mounts /usr by NFS cannot use IPsec due to lack of setkey(8).

I think you do not exactly understand my problem. I do not export anything, do not protect an NFS exported /usr, and have an ordinary workstation with a 40G HD and /usr on it. Using IPSec - historical behavior :), and I live without problems on 4.x. But I use NFS exports from others. And in case IPSec is used between my machine and the NFS server, I can't boot smoothly - booting holds up on mounting NFS until I press Ctrl+C. The patch which I sent resolves my problem. But I am not sure - is this patch applicable for diskless?

I can't recall when the problem appeared. All its life the server runs on 4.8. My machine will be 4.8 - 5.0 - 5.1 - 5 CURRENT. Now - kern.osreldate: 501113.

--
With best wishes, DIGMA sysadmin Oleg Kostyuk aka Cub (OK5-UANIC) [BSD registered user #BSD050664]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]
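An added example (not code from this thread or from FreeBSD) that models the ordering question discussed here: it works out which boot steps are forced to wait for ipsec under the PR's `BEFORE: DAEMON` and `BEFORE: NETWORK` headers. The headers of the other scripts are simplified assumptions, constructed for the illustration.

```python
import re

# Constructed, simplified rc.d headers (assumptions, not FreeBSD's real files).
# Only ipsec's REQUIRE line and its two BEFORE variants are taken from the PR.
OTHERS = [
    "# PROVIDE: root",
    "# PROVIDE: mountcritlocal\n# REQUIRE: root",
    "# PROVIDE: beforenetlkm\n# REQUIRE: mountcritlocal",
    "# PROVIDE: netif\n# REQUIRE: beforenetlkm",
    "# PROVIDE: NETWORK\n# REQUIRE: netif",
    "# PROVIDE: mountcritremote\n# REQUIRE: NETWORK",
    "# PROVIDE: DAEMON\n# REQUIRE: mountcritremote",
]
IPSEC = "# PROVIDE: ipsec\n# REQUIRE: root beforenetlkm mountcritlocal\n# BEFORE: {}"

def build_edges(headers):
    """Map each name to the set of names that must start after it."""
    after = {}
    for text in headers:
        found = re.findall(r"^# (PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", text, re.M)
        fields = {key: value.split() for key, value in found}
        for me in fields.get("PROVIDE", []):
            after.setdefault(me, set())
            for dep in fields.get("REQUIRE", []):  # dep starts before me
                after.setdefault(dep, set()).add(me)
            for target in fields.get("BEFORE", []):  # me starts before target
                after[me].add(target)
    return after

def must_precede(after, first, second):
    """True if every ordering that satisfies the headers starts first before second."""
    stack, seen = [first], {first}
    while stack:
        for nxt in after.get(stack.pop(), ()):
            if nxt == second:
                return True
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False

def ipsec_guarantees(before_target):
    """Which later boot steps are forced to wait for ipsec under this BEFORE value."""
    after = build_edges(OTHERS + [IPSEC.format(before_target)])
    return {step: must_precede(after, "ipsec", step)
            for step in ("netif", "mountcritremote", "DAEMON")}

if __name__ == "__main__":
    for target in ("DAEMON", "NETWORK"):
        print(f"BEFORE: {target} ->", ipsec_guarantees(target))
```

Under these assumed headers, `BEFORE: NETWORK` forces ipsec ahead of the remote mounts, while its order relative to `netif` stays open in both variants.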
/etc/rc.d/ipsec starts not in time
Submitter-Id: current-users
Originator: Kostyuk Oleg
Organization:
Confidential: no
Synopsis: /etc/rc.d/ipsec starts not in time
Severity: serious
Priority: medium
Category: conf
Class: sw-bug
Release: FreeBSD 5.1-CURRENT i386

Environment:
System: FreeBSD demani.digma 5.1-CURRENT FreeBSD 5.1-CURRENT #4: Sun Nov 2 13:45:34 EET 2003 [EMAIL PROTECTED]:/var/.0/usr/obj/usr/src/sys/CUB i386

Description:
I use ipsec between my desktop and nfs/ntp server. On boot my machine stops on Mounting NFS file systems. If I press Ctrl+C, booting continues OK, but the NFS mounts are left unmounted and the time is not in sync. I tried to use the -b flag to mount_nfs in fstab, but this did not help me. The problem is in the order of starting /etc/rc.d/ipsec. It must start BEFORE any network interaction, maybe even before configuring interfaces. But I am not sure in the case of diskless machines.

How-To-Repeat:
Create an entry in /etc/fstab for an nfs mount, create /etc/ipsec.conf to establish a secure connection to the same server (on both sides, of course :), and reboot.

Fix:
(~)% grep -h '\$FreeBSD' /usr/src/etc/rc.d/ipsec /etc/rc.d/ipsec
# $FreeBSD: src/etc/rc.d/ipsec,v 1.6 2003/07/30 18:53:59 mtm Exp $
# $FreeBSD: src/etc/rc.d/ipsec,v 1.6 2003/07/30 18:53:59 mtm Exp $
(~)% diff -u /usr/src/etc/rc.d/ipsec /etc/rc.d/ipsec
--- /usr/src/etc/rc.d/ipsec Wed Jul 30 21:53:59 2003 +++ /etc/rc.d/ipsec Sun Nov 2 14:43:59 2003 @@ -5,8 +5,8 @@ # # PROVIDE: ipsec # REQUIRE: root beforenetlkm mountcritlocal -# BEFORE: DAEMON +# BEFORE: NETWORK # KEYWORD: FreeBSD NetBSD # it does not really require beforenetlkm.
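Review bot: the header now says `# BEFORE: NETWORK` while `# REQUIRE: root beforenetlkm mountcritlocal` is unchanged, so when this script runs only the local critical filesystems are guaranteed to be mounted. The thread notes that setkey(8) lives in /usr/sbin, so on a host whose /usr is not local (the diskless case the submitter is unsure about) the script would run before it is able to load any policy. Suggest stating that assumption in a header comment, and saying in the PR whether ordering before interface configuration, which the description mentions, is intended; if so it should be expressed as an explicit dependency rather than left to `BEFORE: NETWORK`.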
adduser : typo in variable name
Submitter-Id: current-users
Originator: Kostyuk Oleg
Organization:
Confidential: no
Synopsis: adduser : typo in variable name
Severity: non-critical
Priority: low
Category: bin
Class: update
Release: FreeBSD 5.1-RELEASE i386

Environment:
System: FreeBSD demani.digma 5.1-RELEASE FreeBSD 5.1-RELEASE #3: Mon Jun 9 12:19:59 EEST 2003 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/CUB i386

Description:
Typo in variable name

How-To-Repeat:
See in source, line 781
# $FreeBSD: src/usr.sbin/adduser/adduser.sh,v 1.15 2003/03/23 23:06:44 mtm Exp $

Fix:
Patch
--- /usr/src/usr.sbin/adduser/adduser.shMon Mar 24 01:06:44 2003 +++ adduser.sh Tue Jun 24 16:31:37 2003 @@ -778,7 +778,7 @@ savedpwtype= defaultclass= defaultLgroup= -defaultgoups= +defaultgroups= defaultshell=${DEFAULTSHELL} # Make sure the user running this program is root. This isn't a security
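Review bot: the PR text should say why the `defaultgoups=` line matters, because in this block of empty initializations the misspelling left `defaultgroups` unreset, so unless it is assigned elsewhere before use, a value inherited from the caller's environment would carry into a script that the following comment says is run as root. Please also confirm that no other `defaultgoups` reference remains in adduser.sh, and check `defaultLgroup=` on the line above against the name the rest of the script uses.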
Error in ipfw manpage (EXAMPLES/SETS OF RULES)
Submitter-Id: current-users
Originator: Kostyuk Oleg [EMAIL PROTECTED]
Organization:
Confidential: no
Synopsis: Error in ipfw manpage (EXAMPLES/SETS OF RULES)
Severity: non-critical
Priority: low
Category: docs
Class: doc-bug
Release: FreeBSD 5.1-RELEASE i386

Environment:
System: FreeBSD demani.digma 5.1-RELEASE FreeBSD 5.1-RELEASE #3: Mon Jun 9 12:19:59 EEST 2003 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/CUB i386

Description:
The ipfw(8) manpage has an example of using ipfw sets of rules, but the example does not work.

How-To-Repeat:
Try to execute commands from EXAMPLES/SETS OF RULES manpage section
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
# ipfw disable set 18
ipfw: unrecognize enable/disable keyword: set

Fix:
Patch for manpage
--- /usr/src/sbin/ipfw/ipfw.8 Sat Mar 15 03:13:00 2003 +++ ipfw.8 Mon Jun 23 09:50:59 2003 @@ -2001,9 +2001,9 @@ .Ss SETS OF RULES To add a set of rules atomically, e.g. set 18: .Pp -.Dl ipfw disable set 18 +.Dl ipfw set disable 18 .Dl ipfw add NN set 18 ... # repeat as needed -.Dl ipfw enable set 18 +.Dl ipfw set enable 18 .Pp To delete a set of rules atomically the command is simply: .Pp @@ -2011,9 +2011,9 @@ .Pp To test a ruleset and disable it and regain control if something goes wrong: .Pp -.Dl ipfw disable set 18 +.Dl ipfw set disable 18 .Dl ipfw add NN set 18 ... # repeat as needed -.Dl ipfw enable set 18 ; echo done; sleep 30 ipfw disable set 18 +.Dl ipfw set enable 18 ; echo done; sleep 30 ipfw set disable 18 .Pp Here if everything goes well, you press control-C before the sleep terminates, and your ruleset will be left active. Otherwise, e.g. if
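Review bot: in the second hunk the replacement line `.Dl ipfw set enable 18 ; echo done; sleep 30 ipfw set disable 18` has, as shown here, no `;` or `&&` between `sleep 30` and `ipfw set disable 18`, so the fallback disable would be handed to sleep as arguments instead of running. The text that follows relies on the disable firing once the sleep terminates, so the corrected example should read `sleep 30 && ipfw set disable 18`. The removed line shows the same gap, so compare against ipfw.8 itself before committing.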