From: Cristian KLEIN
Organization: Data Communication Center - Technical University of Cluj-Napoca
Date: Wed, 25 Oct 2006 02:15:07 +0300
To: Tom Rhodes
Cc: freebsd-doc@FreeBSD.org, dougb@FreeBSD.org
Subject: Re: Want to help with handbook
Message-ID: <453E9E7B.4050801@net.utcluj.ro>
In-Reply-To: <20061024180748.4adc6f12.trhodes@FreeBSD.org>

Tom Rhodes wrote:
> On Tue, 24 Oct 2006 23:14:47 +0300
> Cristian KLEIN wrote:
>
>> Tom Rhodes wrote:
>>> On Tue, 24 Oct 2006 10:54:50 +0300
>>> Cristian KLEIN wrote:
>>>
>>>> Doug Barton wrote:
>>>>> Cristian KLEIN wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I am sorry if I hit the wrong list, but there was no responsible person
>>>>>> listed in this page:
>>>>>> http://www1.ro.freebsd.org/docproj/current.html#handbooksection
>>>>>>
>>>>>> I would like to contribute to the firewall chapter of the FreeBSD
>>>>>> Handbook. Specifically, I would like to write about dummynet,
>>>>>> mixed-firewall environments (such as IPF + IPFW) and compiling firewalls
>>>>>> as modules. Also, I haven't found any evidence of DEVICE_POLLING and
>>>>>> LARGE_NAT. All this information is very common for "old" FreeBSD users,
>>>>>> but I feel that new users should find out about this information
>>>>>> directly from the handbook.
>>>>>>
>>>>>> I am not a native English speaker, but I think that once I have written
>>>>>> something, it should be easier to correct it, rather than start from
>>>>>> scratch.
>>>>>>
>>>>>> Please tell me whom I should contact. Please CC me, as I am not
>>>>>> subscribed to this list.
>>>>> No need to ask permission, just start writing. :) Once you think it's in
>>>>> shape to review, post a URL with the files to this list. Once it's in
>>>>> shape to submit, you can send it with send-pr, or perhaps someone will
>>>>> offer to commit it directly.
>>>> Thanks. I was also interested whether these topics are of value to the
>>>> handbook. Some of the above-mentioned things are close to "hacking". For
>>>> example, I like to swap ipfw and ipnat in /etc/rc.d/*. Should this be
>>>> mentioned in the handbook too?
>>> Really depends on what you mean by "swap"?
>>>
>> It means editing the REQUIRES, BEFORE in /etc/rc.d/ipfw. As far as I
>> know, it is not standard FreeBSD practice to do such things.
>
> Oh, we can do that if there is a dependency. I'll need to look
> into the matter further though. Is there an issue where one will
> fail to load if the previous does not?

I haven't really understood your question, but I hope the following info
will answer it.

Originally, ipfw requires netif, while ipf is before netif. This places
ipfw explicitly after ipf. I honestly have absolutely no idea why the
dependencies are like this. I changed /etc/rc.d/ipfw like this:

# REQUIRE: root mountcritical
# BEFORE: ipfilter

And it works for me :D.

Talking about /etc/rc.d/ipfw, when using dummynet and ipfw, both compiled
as modules, /etc/rc.d/ipfw is unable to load "pipe"s in the ruleset,
because there is no place dummynet is loaded. On the contrary, loading
dummynet also loads ipfw. Few people encounter this problem, as dummynet
is usually compiled into the kernel.

I solved the problem by changing "kldload ipfw" with "kldload dummynet"
in /etc/rc.d/ipfw. I wouldn't know a general way of solving this problem.
Perhaps ipfw should load dummynet when encountering a "pipe" rule?
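
Added example (not part of the original message and not code from FreeBSD's rc scripts): a sketch of the check proposed in the last paragraph, picking dummynet instead of ipfw when a ruleset file uses pipes or queues. The function names, the assumption that rules live in an ipfw ruleset file, and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the module an rc script should kldload for an ipfw
# ruleset. Assumption taken from the message above: loading dummynet also
# loads ipfw, but loading ipfw alone leaves "pipe" rules unusable.

# Exit 0 if the ruleset file uses a dummynet pipe or queue.
needs_dummynet() {
    # Strip "#" comments first so a remark such as "# no pipe here" does
    # not count, then match pipe/queue only as whole words.
    sed -e 's/#.*$//' "$1" |
        grep -Eq '(^|[[:space:]])(pipe|queue)([[:space:]]|$)'
}

# Print the module name to hand to kldload.
module_for_ruleset() {
    if needs_dummynet "$1"; then
        echo dummynet
    else
        echo ipfw
    fi
}

# Constructed sample rulesets (not from the original message).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/plain.rules" <<'EOF'
# plain filter, no pipe needed
add 100 allow ip from any to any via lo0
add 200 deny log tcp from any to any 23
EOF

cat > "$demo_dir/shaped.rules" <<'EOF'
pipe 1 config bw 512Kbit/s
add 300 pipe 1 ip from 192.0.2.0/24 to any out
EOF

# Show the decision for each sample; an rc script would run the kldload.
for f in plain shaped; do
    echo "$f.rules -> kldload $(module_for_ruleset "$demo_dir/$f.rules")"
done
```

Making this decision before the ruleset is applied matters because a ruleset that stops at the first rejected "pipe" line leaves the host with a partially loaded firewall.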