From owner-freebsd-security  Wed Jun 28 16:21:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from racine.cybercable.fr (racine.cybercable.fr [212.198.0.201])
	by hub.freebsd.org (Postfix) with SMTP id 8450537C2CF
	for <security@FreeBSD.ORG>; Wed, 28 Jun 2000 16:21:10 -0700 (PDT)
	(envelope-from root@gits.dyndns.org)
Received: (qmail 1589010 invoked from network); 28 Jun 2000 23:21:08 -0000
Received: from r224m65.cybercable.tm.fr (HELO gits.dyndns.org) ([195.132.224.65]) (envelope-sender <root@gits.dyndns.org>)
          by racine.cybercable.fr (qmail-ldap-1.03) with SMTP
          for <Gerhard.Sittig@gmx.net>; 28 Jun 2000 23:21:08 -0000
Received: (from root@localhost)
	by gits.dyndns.org (8.9.3/8.9.3) id BAA12668;
	Thu, 29 Jun 2000 01:21:04 +0200 (CEST)
	(envelope-from root)
Posted-Date: Thu, 29 Jun 2000 01:21:04 +0200 (CEST)
To: Doug Barton <DougB@gorean.org>
Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG
Subject: Re: ipfilter hooks in rc.network
References: <20000626220852.M9883@speedy.gsinet> <39584C82.988B2F1B@gorean.org>
Reply-To: clefevre@citeweb.net
X-Face: V|+c;4!|B?E%BE^{E6);aI.[<<r#uCVjK"~Ke!@0vxS/.,wki/c|uVnNV!BA-_gY2sfoGc3
        f{#/$PT>97Zd*>^#%Y5Cxv;%Y[PT-LW3;A:fRrJ8+^k"e7@+30g0YD0*^^3jgyShN7o?a]C
        la*Zv'5NA,=963bM%J^o]C
From: Cyrille Lefevre <clefevre@no-spam.citeweb.net>
Date: 29 Jun 2000 01:21:03 +0200
In-Reply-To: Doug Barton's message of "Mon, 26 Jun 2000 23:41:06 -0700"
Message-ID: <7lb9xuhs.fsf@pc166.gits.fr>
Lines: 47
X-Mailer: Gnus v5.6.45/XEmacs 21.1 - "Canyonlands"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Doug Barton <DougB@gorean.org> writes:

> Gerhard Sittig wrote:
> 
> 	First, I'm not sure that -security is the right list for this, -current
> or -hackers might be better. Second, while I support adding the ability
> to more closely integrate ipfilter into the base, your patch's style is
> drastically out of synch with the changes introduced recently. The
> following is better style.
> 
> 	case ${ipfilter_enable} in
> 	[Yy][Ee][Ss])
> 		if [ -r "${ipfilter_rules}" ]; then
> 			echo -n ' ipfilter'
> 			ipf -Fa -f ${ipfilter_rules}
> 		fi
> 		case ${ipmon_flags} in
> 		[Nn][Oo] | '')
> 			;;
> 		*)
> 			echo -n ' ipmon'
> 			ipmon ${ipmon_flags}
> 			;;
> 		esac
> 		case ${ipnat} in

                       ${ipnat_enable} I suppose :)

> 		[Yy][Ee][Ss])
> 			if [ -r "${ipnat_rules}" ]; then
> 				echo -n ' ipnat'
> 				ipnat -CF -f ${ipnat_rules}
> 			else
> 				echo -n ' ipnat enabled but no rules!'
> 			fi
> 			;;
> 		esac
> 		;;
> 	esac

what about adding ${ipfilter_flags} and ${ipnet_flags} also,
respectively after ${ipfilter_rules} and ${ipnat_rules} ?

Cyrille.
-- 
home:mailto:clefevre@no-spam.citeweb.net Supprimer "no-spam." pour me repondre.
work:mailto:Cyrille.Lefevre@no-spam.edf.fr Remove "no-spam." to answer me back.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message