Date: Wed, 23 Oct 2002 00:24:24 +0200 From: Dimitry Andric <dim@xs4all.nl> To: Thomas Quinot <thomas@cuivre.fr.eu.org> Cc: Kirk Strauser <kirk@strauser.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Still no 'ipf -6' support in the rc scripts? Message-ID: <15214492799.20021023002424@xs4all.nl> In-Reply-To: <20021022212038.GB62611@melusine.cuivre.fr.eu.org> References: <87d6q29nrf.fsf@pooh.int> <20021022212038.GB62611@melusine.cuivre.fr.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-10-22 at 23:20:38 Thomas Quinot wrote: TQ> You can use the following without any patches: TQ> ipfilter_flags="-6 -f /etc/ipf.rules6" This will not work properly, because of the following fragment in rc.network, which comes later (after initializing gif and ppp interfaces, among others): # Re-Sync ipfilter so it picks up any new network interfaces # case ${ipfilter_active} in [Yy][Ee][Ss]) ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null ;; esac This will re-use ipfilter-flags, and thus complain about already existing IPv6 rules. In my setup I've simply removed the ${ipfilter_flags} part, since I don't use any other flags. (The -y option syncs for both IPv4 and IPv6, if I read the source of ipf correctly.) But this isn't a good general solution... :-( Cheers, - -- Dimitry Andric <dim@xs4all.nl> PGP Key: http://www.xs4all.nl/~dim/dim.asc Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3 Lbh ner abj va ivbyngvba bs gur QZPN -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: http://duncan.gn.apc.org/stoa_cover.htm iQA/AwUBPbXCDbBeowouIJajEQIi+wCfax7Pp0FhLW8Q2NACfI0qydmIGxkAn1fN OXOeL76OhKR5faUlIGl7OMMd =F/60 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15214492799.20021023002424>