From owner-freebsd-hackers  Wed Oct 24 17:27:58 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4CBEC37B40A; Wed, 24 Oct 2001 17:27:48 -0700 (PDT)
Received: from hades.hell.gr (patr530-a120.otenet.gr [212.205.215.120])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f9P0Ri501710;
	Thu, 25 Oct 2001 03:27:44 +0300 (EEST)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.6/8.11.6) id f9P0RhF04447;
	Thu, 25 Oct 2001 03:27:43 +0300 (EEST)
	(envelope-from charon@labs.gr)
Date: Thu, 25 Oct 2001 03:27:43 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Cc: Darren Reed <darrenr@freebsd.org>, hackers@freebsd.org
Subject: ipfilter changes in rc.network (was: Re: cvs commit: src/etc rc.network)
Message-ID: <20011025032742.A4399@hades.hell.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.22.1i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Tue, Oct 23, 2001 at 07:45:11PM +0200, Gerhard Sittig wrote:
>
> I get the feeling this - inappropriate - setting of a _program
> variable is due to my misguided suggestion in PR conf/20202
> which verbatimly made it into the FreeBSD start scripts.  If it
> doesn't fit the usual rules feel free to correct it! :)  After
> all I was a newbee to FreeBSD then (and still I'm not a guru or
> seasoned hacker:) as well as I understand Darren to do his
> daytime job with SunOS / Solaris and since he might need some
> hints on how his software fits even better into FreeBSD.  I guess
> he will happily accept patches improving a wrong approach.
> 
> Maybe there's need for the following parts:
> - ipfilter_program
> - ipfilter_prerules_flags
> - ipfilter_rules
> - ipfilter_postrules_flags
> ?  The current situation comes from the fact that I wanted to
> have a single variable with the rules file only - to check for
> its existance (if such an additional constraints check matters).

Done.  I tested on my -current (compiled on Oct 22) the patch you can
find at http://labs.gr/~charon/patches/diff.04.ipf-rc-U
It is functionally equivalent to our current rc.network behavior, but
it uses the variables you proposed, and it moves all the flags out of
all the XXX_program variables.

Comments on this are more than welcome...

-giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message