From owner-freebsd-hackers Mon Oct 29 11:34:31 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from d13225.upc-d.chello.nl (d13225.upc-d.chello.nl [213.46.13.225])
	by hub.freebsd.org (Postfix) with ESMTP
	id 831E337B403; Mon, 29 Oct 2001 11:34:26 -0800 (PST)
Received: from adv.devet.org (adv.devet.org [192.168.1.2])
	by d13225.upc-d.chello.nl (Postfix) with ESMTP
	id 3CEB668CD; Mon, 29 Oct 2001 20:34:24 +0100 (CET)
Received: by adv.devet.org (Postfix, from userid 100)
	id A1351418A; Mon, 29 Oct 2001 20:34:21 +0100 (CET)
Date: Mon, 29 Oct 2001 20:34:21 +0100
From: Arjan de Vet
To: Doug Barton, Darren Reed
Cc: hackers@freebsd.org
Subject: PATCH for review: ipfilter changes in rc.*
Message-ID: <20011029203421.A17303@adv.devet.org>
References: <20011026131544.A12873@adv.devet.org> <200110261121.VAA08457@avalon.reed.wattle.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200110261121.VAA08457@avalon.reed.wattle.id.au>
User-Agent: Mutt/1.3.22.1i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Darren Reed wrote:

>In some email I received from Arjan de Vet, sie wrote:
>> I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
>> trying to fix more or less the same bugs/problems.
>>
>> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
>> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
>> both our patches?
>
>That sounds like a good plan.

OK, updated patches for stable and current are available from:

    http://home.iae.nl/users/devet/freebsd/

I include the README here:

This is joint work with Giorgos Keramidas.

Patches to fix and cleanup ipfilter/ipnat code in the /etc/rc.* framework
both for -current and -stable, including an update to the rc.conf(5)
manual page.

Note that for stable 'ipfs' should be MFC'ed first!

Overview of problems fixed:

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
  they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module
  have been removed;

- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been updated to
  reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

After this patch has been applied the following ipfilter related PRs can
be closed:

    kern/25344
    conf/26275
    bin/27016
    conf/31482
    conf/25223
    conf/25809

Darren: please wait for the comments of Doug Barton before committing,
he wants to review the patch for possible rc.* style issues first.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands
URL : http://www.iae.nl/users/devet/
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)