From owner-freebsd-bugs Mon Nov 20 16:40: 6 2000
Message-Id: <20001121003348.9193B1FFC@qonos.empire.trek.org>
Date: Tue, 21 Nov 2000 01:33:48 +0100 (CET)
From: dl@leo.org
Reply-To: dl@leo.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: conf/22998: patch for rc.network to load ipl.ko (IPFILTER)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 22998
>Category: conf
>Synopsis: ipf fails to load the rules if IPFILTER is not statically linked
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 20 16:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Daniel Lang
>Release: FreeBSD 4.2-RELEASE i386
>Organization: TU Muenchen
>Environment:
4.2-RELEASE, with IPFILTER _not_ in static kernel, and ipfilter_enable="YES" in rc.conf
>Description:
ipf fails to load the rules if IPFILTER is not in the kernel and does not automatically load the module, so I patched rc.network like the ipfw section, to load the module on demand.
>How-To-Repeat:
see Environment
>Fix:
Here is the patch; it is pretty much like the ipfw section:

--- /etc/rc.network Tue Nov 21 00:55:01 2000 +++ /tmp/rc.network.patched Tue Nov 21 01:21:47 2000 @@ -48,8 +48,21 @@ # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}

>Release-Note:
>Audit-Trail:
>Unformatted:
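
Review bot: In the elif branch of the second added block, a failed "kldload ipl" only prints "Warning: ipfilter kernel module failed to load." and control then falls through to the unchanged 'if [ -r "${ipfilter_rules}" ]' block, so the ipf rule load is still attempted with ipfilter_in_kernel at 0 and the script carries on with ipfilter_enable set to YES but nothing recording that no ruleset is in place. Gate the rule load on the flag, for example 'if [ "${ipfilter_in_kernel}" -eq 1 ] && [ -r "${ipfilter_rules}" ]; then', and have the warning say explicitly that no rules were loaded so the condition is visible on the console. The "/sbin/ipfstat -i" probe in the first added block sits above the case statement, so it runs on every boot even when ipfilter_enable is not YES; moving it inside the [Yy][Ee][Ss]) arm limits it to hosts that asked for ipfilter. The context comment recommends IPFILTER_DEFAULT_BLOCK "in the kernel config file"; a one-line comment next to the kldload stating what applies between module load and rule load would document the case this patch introduces.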