Hi, on my redundant firealls I have an " admin" interface in rdomain 1 with a sshd listening, used to be able to access the slave machine and let it access the internet to be able to run syspatch or pkg_add.
This works well, but but if I use rcctl in this non default rdomain to control services normally running in the default rdomain, things don't behave too well. In particular, 'rcctl start' or 'restart' starts the service with rtable 1. Alternatives would be to run the admin interface in the default rdomain and all other interfaces in a separate one, but it feels more painful to setup. It seems to me that the patch below helps, but may be it has other unforseen and unwanted effects ? Thoughts ? Index: rc.subr =================================================================== RCS file: /cvs/OpenBSD/src/etc/rc.d/rc.subr,v retrieving revision 1.131 diff -u -r1.131 rc.subr --- rc.subr 21 Mar 2019 15:10:27 -0000 1.131 +++ rc.subr 5 Sep 2019 20:56:38 -0000 @@ -320,5 +320,4 @@ # make sure pexp matches the process (i.e. doesn't include the quotes) pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})" rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c" -[ "${daemon_rtable}" -eq "$(id -R)" ] || - rcexec="route -T ${daemon_rtable} exec ${rcexec}" +rcexec="route -T ${daemon_rtable} exec ${rcexec}" -- Matthieu Herrb