From owner-freebsd-stable Tue Oct 22 15:25:19 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A10737B404 for ; Tue, 22 Oct 2002 15:25:17 -0700 (PDT) Received: from smtpzilla1.xs4all.nl (smtpzilla1.xs4all.nl [194.109.127.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7EE6243E3B for ; Tue, 22 Oct 2002 15:25:16 -0700 (PDT) (envelope-from dim@xs4all.nl) Received: from kilgore.dim (tensor.xs4all.nl [213.84.94.69]) by smtpzilla1.xs4all.nl (8.12.0/8.12.0) with ESMTP id g9MMOxVB019385; Wed, 23 Oct 2002 00:24:59 +0200 (CEST) Date: Wed, 23 Oct 2002 00:24:24 +0200 From: Dimitry Andric X-Mailer: The Bat! (v1.62/Beta7) Business X-Priority: 3 (Normal) Message-ID: <15214492799.20021023002424@xs4all.nl> To: Thomas Quinot Cc: Kirk Strauser , freebsd-stable@FreeBSD.ORG Subject: Re: Still no 'ipf -6' support in the rc scripts? In-Reply-To: <20021022212038.GB62611@melusine.cuivre.fr.eu.org> References: <87d6q29nrf.fsf@pooh.int> <20021022212038.GB62611@melusine.cuivre.fr.eu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2002-10-22 at 23:20:38 Thomas Quinot wrote: TQ> You can use the following without any patches: TQ> ipfilter_flags="-6 -f /etc/ipf.rules6" This will not work properly, because of the following fragment in rc.network, which comes later (after initializing gif and ppp interfaces, among others): # Re-Sync ipfilter so it picks up any new network interfaces # case ${ipfilter_active} in [Yy][Ee][Ss]) ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null ;; esac This will re-use ipfilter-flags, and thus complain about already existing IPv6 rules. In my setup I've simply removed the ${ipfilter_flags} part, since I don't use any other flags. (The -y option syncs for both IPv4 and IPv6, if I read the source of ipf correctly.) But this isn't a good general solution... :-( Cheers, - -- Dimitry Andric PGP Key: http://www.xs4all.nl/~dim/dim.asc Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3 Lbh ner abj va ivbyngvba bs gur QZPN -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: http://duncan.gn.apc.org/stoa_cover.htm iQA/AwUBPbXCDbBeowouIJajEQIi+wCfax7Pp0FhLW8Q2NACfI0qydmIGxkAn1fN OXOeL76OhKR5faUlIGl7OMMd =F/60 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message