Date: Sat, 15 Nov 2003 19:51:19 +0900 From: Hajimu UMEMOTO <ume@mahoroba.org> To: Kostyuk Oleg <cub@cub.org.ua> Cc: freebsd-current@freebsd.org Subject: Re: /etc/rc.d/ipsec starts not in time Message-ID: <ygefzgpq508.wl%ume@mahoroba.org> In-Reply-To: <E1AGIbn-0001Ux-7o@cub.org.ua> References: <E1AGIbn-0001Ux-7o@cub.org.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
>>>>> On Sun, 02 Nov 2003 15:49:35 +0200
>>>>> Kostyuk Oleg <cub@cub.org.ua> said:
cub> Problem is in order of starting /etc/rc.d/ipsec.
cub> It must start BEFORE any network interaction,
cub> may be even before configuring interfaces.
cub> But I not sure in case with diskless mashines.
cub> -# BEFORE: DAEMON
cub> +# BEFORE: NETWORK
It is not sufficient. There is setkey(8) in /usr/sbin. It means that
we cannot protect NFS exported /usr by IPsec. If there is no
objection, I wish to move setkey(8) into /sbin like NetBSD did.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ygefzgpq508.wl%ume>