Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
The following reply was made to PR conf/78762; it has been noted by GNATS. From: Sean McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it Date: Mon, 18 Jun 2007 17:05:45 -0700 This is a bad idea and has broken the new feature of rcNG allowing us to place options into /etc/rc.conf.d/ipfw and /etc/rc.conf.d/ip6fw. The commit to src/etc/rc.d/ipfw revision 1.15 and src/etc/rc.d/ip6fw 1.9 have now broken this basic concept. IMHO, the correct thing is: Don't use exit in your firewall script. I offer 3 solutions, however, below. What has been broken: /etc/rc.conf.d/ipfw firewall_enable=YES firewall_type=/etc/fw/rc.firewall.rules /etc/rc.conf.d/ip6fw ipv6_firewall_enable=YES ipv6_firewall_type=/etc/fw/rc.firewall6.rules Now, this no longer works and I must once again pollute and move more stuff back into /etc/rc.conf. Namely, firewall_type=/etc/fw/rc.firewall.rules ipv6_firewall_type=/etc/fw/rc.firewall6.rules must now be in /etc/rc.conf or /etc/rc.conf.local. Solution: 1) revert to sourcing the rc.firewall script. 2) Fix rc.firewall and rc.firewall6 to somehow get stuff from /etc/rc.conf.d as it should (as ipfw and ip6fw?). 3) completely remove rc.conf.d support as more things fail to work with it. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it State-Changed-From-To: open-patched State-Changed-By: mtm State-Changed-When: Mon Apr 2 15:40:10 UTC 2007 State-Changed-Why: Patched in -CURRENT. MFC-After: 2 weeks http://www.freebsd.org/cgi/query-pr.cgi?pr=78762 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
On Monday 02 April 2007 12:40, Mike Makonnen wrote: Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it State-Changed-From-To: open-patched State-Changed-By: mtm State-Changed-When: Mon Apr 2 15:40:10 UTC 2007 State-Changed-Why: Patched in -CURRENT. MFC-After: 2 weeks http://www.freebsd.org/cgi/query-pr.cgi?pr=78762 btw, is this ${SYSCTL_W} net.inet.ip.fw.enable=1 which comes after loading firewall_script in /etc/rc.d/ipfw is beeing corrected also? Probably better setting this in ipfw_precmd () João A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Old Synopsis: [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it New Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it Responsible-Changed-From-To: freebsd-bugs-freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon Oct 24 05:10:01 GMT 2005 Responsible-Changed-Why: Over to mailing list for review. http://www.freebsd.org/cgi/query-pr.cgi?pr=78762 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to [EMAIL PROTECTED]