Date: Mon, 29 Oct 2001 20:34:21 +0100
From: Arjan de Vet <devet@devet.org>
To: Doug Barton <dougb@freebsd.org>, Darren Reed <darrenr@reed.wattle.id.au>
Cc: hackers@freebsd.org
Subject: PATCH for review: ipfilter changes in rc.*
Message-ID: <20011029203421.A17303@adv.devet.org>
In-Reply-To: <200110261121.VAA08457@avalon.reed.wattle.id.au>
References: <20011026131544.A12873@adv.devet.org> <200110261121.VAA08457@avalon.reed.wattle.id.au>

Darren Reed wrote:

>In some email I received from Arjan de Vet, sie wrote:
>> I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
>> trying to fix more or less the same bugs/problems.
>>
>> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
>> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
>> both our patches?
>
>That sounds like a good plan.

OK, updated patches for stable and current are available from:

    http://home.iae.nl/users/devet/freebsd/

I include the README here:

This is joint work with Giorgos Keramidas.

Patches to fix and cleanup ipfilter/ipnat code in the /etc/rc.* framework
both for -current and -stable, including an update to the rc.conf(5)
manual page. Note that for stable 'ipfs' should be MFC'ed first!

Overview of problems fixed:

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
  they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module have
  been removed;

- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been updated to
  reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

After this patch has been applied the following ipfilter related PRs can
be closed:

    kern/25344
    conf/26275
    bin/27016
    conf/31482
    conf/25223
    conf/25809

Darren: please wait for the comments of Doug Barton before committing, he
wants to review the patch for possible rc.* style issues first.

Arjan

--
Arjan de Vet, Eindhoven, The Netherlands <devet@devet.org>
URL : http://www.iae.nl/users/devet/ <Arjan.deVet@adv.iae.nl>
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message