From owner-freebsd-bugs@FreeBSD.ORG Sat Apr 26 19:50:01 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F17091065677 for ; Sat, 26 Apr 2008 19:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id CEE5F8FC15 for ; Sat, 26 Apr 2008 19:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3QJo1VW005010 for ; Sat, 26 Apr 2008 19:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3QJo1EV005009; Sat, 26 Apr 2008 19:50:01 GMT (envelope-from gnats) Resent-Date: Sat, 26 Apr 2008 19:50:01 GMT Resent-Message-Id: <200804261950.m3QJo1EV005009@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Kevin Oberman Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EC971065680 for ; Sat, 26 Apr 2008 19:43:09 +0000 (UTC) (envelope-from SRS0=3326df41966a19df5160a2dfd9c84c74262dddf6=683=es.net=oberman@es.net) Received: from postal1.es.net (postal3.es.net [IPv6:2001:400:14:3::8]) by mx1.freebsd.org (Postfix) with ESMTP id 21E258FC2D for ; Sat, 26 Apr 2008 19:43:09 +0000 (UTC) (envelope-from SRS0=3326df41966a19df5160a2dfd9c84c74262dddf6=683=es.net=oberman@es.net) Received: from slan.es.net (c-76-103-85-82.hsd1.ca.comcast.net [76.103.85.82]) by postal3.es.net (Postal Node 3) with ASMTP (SSL) id GXR30308 for ; Sat, 26 Apr 2008 12:43:0Received: by slan.es.net (Postfix, from userid 9381) id 5279E5CA8; Sat, 26 Apr 2008 12:43:07 -0700 (PDT) Message-Id: <20080426194307.5279E5CA8@slan.es.net> Date: Sat, 26 Apr 2008 12:43:07 -0700 (PDT) From: Kevin@es.net, "Oberman List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Apr 2008 19:50:02 -0000 >Number: 123119 >Category: misc >Synopsis: rc script for ipfw does not handle IPv6 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Apr 26 19:50:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Kevin Oberman >Release: FreeBSD 7.0-STABLE i386 >Organization: ESnet--The Energy Sciences Network >Environment: System: FreeBSD slan.es.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Fri Apr 25 11:32:19 PDT 2008 root@slan.es.net:/usr/obj/usr/src/sys/IBM-T43 i386 >Description: /etc/rc.d/ipfw only sets and clears the sysctl to enable or disable IPv4. A check for ipv6_eanble and the IPv6 sysctl need to be added. >How-To-Repeat: On a system running IPv6 and IPv4, stop IPFW. It only stops for IPv4 >Fix: There might be better ways to check on IPv6, but this was the obvious one. # diff -u ipfw.orig ipfw --- ipfw.orig 2008-04-26 12:34:16.000000000 -0700 +++ ipfw 2008-04-25 15:39:41.000000000 -0700 @@ -44,6 +44,9 @@ # Enable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=1 + if checkyesno ipv6_enable; then + sysctl net.inet6.ip6.fw.enable=1 >/dev/null + fi } ipfw_stop() @@ -51,6 +54,10 @@ # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 + if checkyesno ipv6_enable; then + sysctl net.inet6.ip6.fw.enable=0 + fi + if [ -f /etc/rc.d/natd ] ; then /etc/rc.d/natd stop fi @@ -58,4 +65,3 @@ load_rc_config $name run_rc_command "$1" >Release-Note: >Audit-Trail: >Unformatted: