Date: Fri, 26 Jun 2009 09:43:26 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Doug Barton <dougb@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r195026 - head/etc/rc.d
Message-ID: <alpine.BSF.2.00.0906260942440.34758@fledge.watson.org>
In-Reply-To: <200906260104.n5Q14pRu070043@svn.freebsd.org>
References: <200906260104.n5Q14pRu070043@svn.freebsd.org>
On Fri, 26 Jun 2009, Doug Barton wrote: > Reverse the effect of r193198 for pf and ipfw which will once again > allow them to start after netif. There were too many problems reported > with this change in the short period of time that it lived in HEAD, and > we are too late in the release cycle to properly shake it out. > > IMO the issue of having the firewalls up before the network is still a > valid concern, particularly for pf whose default state is wide open. > However properly solving this issue is going to take some investment > on the part of the people who actually use those tools. This sounds right to me, FWIW -- being able to fully configure the policy before network traffic starts is definitely right in the abstract, it's just a question of getting there... Robert N M Watson Computer Laboratory University of Cambridge > > This is not a strict reversion of all the changes for r193198 since it > also included some simplification of the BEFORE/REQUIRE logic which is > still valid for ipfilter and ip6fw. > > Modified: > head/etc/rc.d/NETWORKING > head/etc/rc.d/ipfw > head/etc/rc.d/netif > head/etc/rc.d/pf > head/etc/rc.d/pflog > head/etc/rc.d/pfsync > > Modified: head/etc/rc.d/NETWORKING > ============================================================================== > --- head/etc/rc.d/NETWORKING Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/NETWORKING Fri Jun 26 01:04:50 2009 (r195026) > @@ -4,7 +4,7 @@ > # > > # PROVIDE: NETWORKING NETWORK > -# REQUIRE: netif netoptions routing network_ipv6 ppp > +# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw > # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv > > # This is a dummy dependency, for services which require networking > > Modified: head/etc/rc.d/ipfw > ============================================================================== > --- head/etc/rc.d/ipfw Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/ipfw Fri Jun 26 01:04:50 2009 (r195026) 
> @@ -4,7 +4,7 @@ > # > > # PROVIDE: ipfw > -# REQUIRE: FILESYSTEMS > +# REQUIRE: ppp > # KEYWORD: nojail > > . /etc/rc.subr > > Modified: head/etc/rc.d/netif > ============================================================================== > --- head/etc/rc.d/netif Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/netif Fri Jun 26 01:04:50 2009 (r195026) > @@ -27,7 +27,7 @@ > > # PROVIDE: netif > # REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl > -# REQUIRE: ipfilter ipfs pf ipfw > +# REQUIRE: ipfilter ipfs > # KEYWORD: nojail > > . /etc/rc.subr > > Modified: head/etc/rc.d/pf > ============================================================================== > --- head/etc/rc.d/pf Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/pf Fri Jun 26 01:04:50 2009 (r195026) > @@ -4,7 +4,7 @@ > # > > # PROVIDE: pf > -# REQUIRE: FILESYSTEMS pflog pfsync > +# REQUIRE: FILESYSTEMS netif pflog pfsync > # BEFORE: routing > # KEYWORD: nojail > > > Modified: head/etc/rc.d/pflog > ============================================================================== > --- head/etc/rc.d/pflog Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/pflog Fri Jun 26 01:04:50 2009 (r195026) > @@ -4,7 +4,7 @@ > # > > # PROVIDE: pflog > -# REQUIRE: FILESYSTEMS cleanvar > +# REQUIRE: FILESYSTEMS netif cleanvar > # KEYWORD: nojail > > . /etc/rc.subr > > Modified: head/etc/rc.d/pfsync > ============================================================================== > --- head/etc/rc.d/pfsync Fri Jun 26 01:01:50 2009 (r195025) > +++ head/etc/rc.d/pfsync Fri Jun 26 01:04:50 2009 (r195026) > @@ -4,7 +4,7 @@ > # > > # PROVIDE: pfsync > -# REQUIRE: FILESYSTEMS > +# REQUIRE: FILESYSTEMS netif > # KEYWORD: nojail > > . /etc/rc.subr >
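Review bot: In the head/etc/rc.d/NETWORKING hunk, ipfw is added to the REQUIRE line but pf is not, so the two firewalls reach the NETWORKING milestone by different routes: ipfw directly, pf only through the `# BEFORE: routing` line in head/etc/rc.d/pf combined with `routing` already being in this REQUIRE list. A short comment above the REQUIRE lines saying which packet filters are guaranteed to be loaded before NETWORKING, and through which dependency, would keep a later edit to pf's BEFORE line from silently dropping that guarantee.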
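Review bot: In the head/etc/rc.d/ipfw hunk, `# REQUIRE: FILESYSTEMS` is replaced outright by `# REQUIRE: ppp`, while the pf, pflog and pfsync hunks keep FILESYSTEMS and add netif next to it. If ipfw still needs the filesystems mounted to read its rules, `# REQUIRE: FILESYSTEMS ppp` would state that explicitly rather than depending on whatever ordering ppp happens to inherit, and it would match the other firewall scripts touched here.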
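Review bot: In the head/etc/rc.d/pf hunk, `# REQUIRE: FILESYSTEMS netif pflog pfsync` orders pf after netif, so interfaces are configured before the ruleset is loaded, and the commit message itself says pf's default state is wide open. That trade-off is recorded only in the commit log; a comment beside the REQUIRE line stating that the ordering is deliberate, and that traffic can pass unfiltered between netif and pf starting, would keep it visible to whoever edits the script next.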