Date: Thu, 09 Jul 2020 08:40:38 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: gljennjohn@gmail.com
Cc: Marcelo Araujo <araujobsdport@gmail.com>, araujo@freebsd.org, "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>, FreeBSD current <freebsd-current@freebsd.org>
Subject: Re: ipv6_ipfilter_rules= is obsolete ?
Message-ID: <5F071046.8000604@gmail.com>
In-Reply-To: <20200709091228.1d07d6f5@ernst.home>
References: <5F064B4F.5040006@gmail.com> <202007082334.068NY9QQ088738@gndrsh.dnsmgr.net> <CAOfEmZgMbJjRFWaq2KZ-=0JXtkDyYMpRnU2_30PRaE7E7F2hnQ@mail.gmail.com> <20200709091228.1d07d6f5@ernst.home>

Gary Jennejohn wrote:
> On Thu, 9 Jul 2020 10:27:02 +0800
> Marcelo Araujo <araujobsdport@gmail.com> wrote:
>
>> On Thu, 9 Jul 2020 at 07:34, Rodney W. Grimes <freebsd-rwg@gndrsh.dnsmgr.net> wrote:
>>
>>>> In /etc/defaults/rc.conf I see this
>>>>
>>>> ipv6_ipfilter_rules="/etc/ipf6.rules"
>>>> # rules definition file for ipfilter,
>>>> # see /usr/src/contrib/ipfilter/rules for examples
>>>>
>>>> man 8 ipf says
>>>>
>>>> ipf -6 ipv4 and ipv6 rules are stored in a single table and can be read
>>>> from a single file. This option is no longer required to load ipv6 rules.
>>>>
>>>> I interpret this to mean that the ipv6_ipfilter_rules="/etc/ipf6.rules"
>>>> line in /etc/defaults/rc.conf is obsolete and should be removed
>>>> before RELEASE 13.0 is published for users to use.
>>> Interesting, though I would not remove it. It should be marked as
>>> depricated and the /etc/rc.d/ipfilter shell script updated to emit
>>> a warning that it is depricated, but it should still be processed
>>> to retain backwards compatibility and NOT lock someone out of a
>>> system who has just done an upgrade to a newer version.
>>>
>> Do you mean deprecated or depricated?
>> Got confused here! Sorry English is hard for non-native speakers.
>>
>
> It's a typo - he meant deprecated.
>

This "retain backwards compatibility stuff" can be taken too far backwards. I think ipfilter first came out with NO ipv6 support, then ipv6 was added using 2 rule files, and later yet it was redesigned to use a single rules file. Talking about way back around RELEASE 4.0.

Now ipfilter has not worked with 2 rules files for a very long time. It's now time to clean up the old ipv6 only stuff so the documentation and /etc/rc.d/ipfilter boot script reflect how it works today.

And another thing to point out is the ipfilter source code has been forked and is now under FreeBSD maintainership.
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5F071046.8000604>
