From owner-freebsd-rc@FreeBSD.ORG Sun Mar 22 19:28:36 2009 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0D211065675 for ; Sun, 22 Mar 2009 19:28:36 +0000 (UTC) (envelope-from maksim.yevmenkin@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.169]) by mx1.freebsd.org (Postfix) with ESMTP id 78EA08FC1C for ; Sun, 22 Mar 2009 19:28:36 +0000 (UTC) (envelope-from maksim.yevmenkin@gmail.com) Received: by wf-out-1314.google.com with SMTP id 24so2064952wfg.7 for ; Sun, 22 Mar 2009 12:28:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=LC06+quKuWLgh/VE3ez8I84fTjVqyXZM+fOfYh9dbiA=; b=ja5Max/telFJ8IL29vECn6t1CceXc35pUnt6iJmEbO753syM0Qp5YThzyUxhpCpC4P ZcBM34rw3AImCIzuumSJhoybPxUEwVVTaYsOTf2y0Qjl23ZBuaf+xGgrew8n4y7SlxFC UEflTenbY26EwlJPJFOJNhikeKbw7oOL/Z5cU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=tSqbRER7PYXprJgUX8bNkIOGLrUp3JW00MwswLjUh802vjT6TwKcpOqWve7eKz/R6O u8LmB/Gpl+kl9vvhg+B8Xs7cq8a+zs3Nm8s6Bkm0O2tpddRELF3dIYJFGDxDYsN31igR nIiBoy0dQlvSNOY2BcRsBebDjx1r9UiSEdrqE= MIME-Version: 1.0 Received: by 10.143.40.5 with SMTP id s5mr1458513wfj.19.1237748672844; Sun, 22 Mar 2009 12:04:32 -0700 (PDT) Date: Sun, 22 Mar 2009 12:04:32 -0700 Message-ID: From: Maksim Yevmenkin To: freebsd-rc@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Yuri Kurenkov Subject: [patch] /etc/rc.d/ipfw X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Mar 2009 19:28:37 -0000 hello, would anyone object to the following small patch to /etc/rc.d/ifpw. this is basically to teach ipfw to 1) load ipfw_nat module when nat is required and natd is _not_ used 2) pass firewall type to rc.firewall script thanks, max ==== > diff -u /etc/rc.d/ipfw ipfw --- /etc/rc.d/ipfw 2008-07-24 07:02:05.000000000 -0700 +++ ipfw 2009-03-22 11:53:19.000000000 -0700 @@ -23,10 +23,19 @@ if checkyesno dummynet_enable; then required_modules="$required_modules dummynet" fi + if checkyesno firewall_nat_enable; then + if ! checkyesno natd_enable; then + required_modules="$required_modules ipfw_nat" + fi + fi } ipfw_start() { + local _firewall_type + + _firewall_type=$1 + # set the firewall rules script if none was specified [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall @@ -34,7 +43,7 @@ if [ -f /etc/rc.d/natd ] ; then /etc/rc.d/natd start fi - /bin/sh "${firewall_script}" + /bin/sh "${firewall_script}" "${_firewall_type}" echo 'Firewall rules loaded.' elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ @@ -65,4 +74,4 @@ } load_rc_config $name -run_rc_command "$1" +run_rc_command "$*"