Date: Wed, 14 Mar 2001 12:09:15 +0100 (CET) From: Claude Buisson <ubc@paris.framatome.fr> To: Tim Zingelman <zingelman@fnal.gov> Cc: stable@FreeBSD.ORG Subject: Re: /etc/default/rc.conf bad default ipfilter_flags? Message-ID: <Pine.BSF.4.10.10103141207470.13944-100000@eve.framatome.fr> In-Reply-To: <Pine.GSO.4.30.0103132009500.28627-100000@nova.fnal.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Mar 2001, Tim Zingelman wrote: > Running 4.3-Beta, cvsupped early on 3/13/01. > > These lines are either confusing or wrong. Possibly something has changed > in the default state (now enabled?) of the ipfilter module. > > ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module > # (i.e. compiled into the kernel) to > # avoid a warning about "already initialized" > > I load ipf as a module by adding a line to /boot/loader.conf: > ipl_load="YES" > > Running a GENERIC kernel. > > I have a valid rules file at /etc/ipf.rules > > I add the following line to /etc/rc.conf: > ipfilter_enable="YES" > > and when I boot I get... > from dmesg: > IP Filter: v3.4.16 initialized. Default = pass all, Logging = enabled > > from /var/log/console.log: > Mar 13 19:32:59 port /kernel: Doing initial network setup: > Mar 13 19:32:59 port /kernel: hostname > Mar 13 19:32:59 port /kernel: ipfilter > Mar 13 19:32:59 port /kernel: SIOCFRENB: Invalid argument > Mar 13 19:32:59 port /kernel: . > Mar 13 19:32:59 port /kernel: fxp0: flags=8843<UP,BROADCAST,RUNNING... > > If I add this line to /etc/rc.conf: > ipfilter_flags="" > > The "SIOCFRENB: Invalid argument" message goes away, and ipf IS working. > > So if the comment is correct that -E is not needed for compiled into the > kernel ipf, and I am correct that -E is not needed for module loaded ipf, > I'd like to see the default change to "" and have the comment changed... > > +ipfilter_flags="" # Flags to ipfilter (if enabled). > -ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module > - # (i.e. compiled into the kernel) to > - # avoid a warning about "already initialized" > > If someone can verify my findings I could submit a PR. > same thing here - tested on a 4.2-STABLE 2001/02/26 > Thanks, > > - Tim > Claude Buisson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10103141207470.13944-100000>