Date: Wed, 23 Oct 2002 00:24:24 +0200 From: Dimitry Andric <dim@xs4all.nl> To: Thomas Quinot <thomas@cuivre.fr.eu.org> Cc: Kirk Strauser <kirk@strauser.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Still no 'ipf -6' support in the rc scripts? Message-ID: <15214492799.20021023002424@xs4all.nl> In-Reply-To: <20021022212038.GB62611@melusine.cuivre.fr.eu.org> References: <87d6q29nrf.fsf@pooh.int> <20021022212038.GB62611@melusine.cuivre.fr.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2002-10-22 at 23:20:38 Thomas Quinot wrote:
TQ> You can use the following without any patches:
TQ> ipfilter_flags="-6 -f /etc/ipf.rules6"
This will not work properly, because of the following fragment in
rc.network, which comes later (after initializing gif and ppp
interfaces, among others):
# Re-Sync ipfilter so it picks up any new network interfaces
#
case ${ipfilter_active} in
[Yy][Ee][Ss])
${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
;;
esac
This will re-use ipfilter-flags, and thus complain about already
existing IPv6 rules. In my setup I've simply removed the
${ipfilter_flags} part, since I don't use any other flags. (The -y
option syncs for both IPv4 and IPv6, if I read the source of ipf
correctly.) But this isn't a good general solution... :-(
Cheers,
- --
Dimitry Andric <dim@xs4all.nl>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
Lbh ner abj va ivbyngvba bs gur QZPN
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: http://duncan.gn.apc.org/stoa_cover.htm
iQA/AwUBPbXCDbBeowouIJajEQIi+wCfax7Pp0FhLW8Q2NACfI0qydmIGxkAn1fN
OXOeL76OhKR5faUlIGl7OMMd
=F/60
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15214492799.20021023002424>